Apache · Apache Hadoop · CVE-2018-11766
Name of the Vulnerable Software and Affected Versions:
Apache Hadoop versions 2.7.4 through 2.7.6
Description:
The issue is related to insecure privilege management in Apache Hadoop, allowing a remote attacker to execute arbitrary commands with root privileges. A user who can escalate to the yarn user may possibly run arbitrary commands as the root user.
Recommendations:
For Apache Hadoop versions 2.7.4 through 2.7.6, consider restricting access to the yarn user to minimize the risk of exploitation until a complete security fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.