[ https://issues.apache.org/jira/browse/DRILL-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16392813#comment-16392813 ]
ASF GitHub Bot commented on DRILL-6192:
---------------------------------------

Github user arina-ielchiieva commented on the issue:

    https://github.com/apache/drill/pull/1136

    Lib version should be renamed to `1.8-rev2` and sources should be published as well.

> Drill is vulnerable to CVE-2017-12197
> -------------------------------------
>
>                 Key: DRILL-6192
>                 URL: https://issues.apache.org/jira/browse/DRILL-6192
>             Project: Apache Drill
>          Issue Type: Bug
>            Reporter: Volodymyr Tkach
>            Assignee: Volodymyr Tkach
>            Priority: Major
>             Fix For: 1.13.0
>
>
> The current version of libpam4j bundled with MCS does not perform any
> authorization check. Any user with a valid password could access the cluster
> even if the user account is disabled/password expired/'not allowed to access
> the service(pam_access ..)' etc.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)