Description
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
A flaw was found in Apache Hadoop in versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4. A user who can escalate to a yarn user can possibly run arbitrary commands as root user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | hadoop-core | Not affected | | |
| Red Hat JBoss Data Grid 7 | hadoop-core | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | hadoop-core | Not affected | | |
| Red Hat JBoss Fuse 6 | hadoop-core | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hadoop | Not affected | | |
| Red Hat Satellite 5 | nutch | Not affected | | |
| Red Hat Satellite 5 | spacewalk-search | Not affected | | |
| Red Hat Storage 3 | rhs-hadoop | Not affected | | |
Additional information
Status:
8.8 High
CVSS3
Related vulnerabilities
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2 ...
Privilege escalation vulnerability in Apache Hadoop
A vulnerability in Apache Hadoop, a platform for distributed development and execution of programs, related to access control flaws, allowing an attacker to escalate their privileges to root level and execute arbitrary code
8.8 High
CVSS3