PT-2019-4221 · Apache · Apache Hadoop
Duo Zhang · Published 2019-05-30 · Updated 2020-10-08
CVE-2018-8029
CVSS v2.0 · 9.0 · High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache Hadoop versions 2.2.0 through 2.8.4
Apache Hadoop versions 2.9.0 through 2.9.1
Apache Hadoop versions 3.0.0-alpha1 through 3.1.0
Description
The issue is related to insufficient access control in the Apache Hadoop platform, which can be exploited by a remote attacker to elevate privileges to the root level and execute arbitrary code. A user who can escalate to the yarn user may be able to run arbitrary commands as the root user.
Recommendations
For Apache Hadoop versions 2.2.0 through 2.8.4, update to a version outside of this range to mitigate the risk.
For Apache Hadoop versions 2.9.0 through 2.9.1, update to a version outside of this range to mitigate the risk.
For Apache Hadoop versions 3.0.0-alpha1 through 3.1.0, update to a version outside of this range to mitigate the risk.
Fix
Improper Authorization
Related identifiers
Affected products
Apache Hadoop