Severity
Medium
Analysis Summary
CVE-2021-28131
Apache Impala could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of secret in the log files. By gaining access to the log file, an attacker could exploit this vulnerability to obtain secret information, and use this information to gain access to another user’s session.
Impact
- Information Theft
- Unauthorized Access
Affected Vendors
Apache
Affected Products
- Apache Impala 3.0.0
Remediation
Upgrade to the latest version of Apache Impala (4.0 or later), available from the Apache Web site.