CVE-2020-9492

Отчет

While OpenShift Container Platform (OCP) does package a vulnerable version of hadoop-hdfs-client in the hadoop and hive containers, the HDFS storage back-end is not enabled by default and is largely undocumented/unsupported. However, as it still can be enabled by using the configuration option unsupportedFeatures.enabledHDFS, the vulnerability has been rated Moderate for OCP. In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of hadoop package. Since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix. This may be fixed in the future. [1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated