Описание
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.2.0 (включая) до 2.10.2 (исключая)Версия от 3.0.1 (включая) до 3.2.3 (исключая)Версия от 3.3.0 (включая) до 3.3.2 (исключая)
Одно из
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02095
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-24
CWE-22
Связанные уязвимости
CVSS3: 8.8
redhat
больше 3 лет назад
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CVSS3: 8.8
debian
больше 3 лет назад
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2. ...
EPSS
Процентиль: 84%
0.02095
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-24
CWE-22