CVE-2018-11766

Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions 2.7.4 through 2.7.6

Description: The issue is related to insecure privilege management in Apache Hadoop, allowing a remote attacker to execute arbitrary commands with root privileges. A user who can escalate to the yarn user may possibly run arbitrary commands as the root user.

Recommendations: For Apache Hadoop versions 2.7.4 through 2.7.6, consider restricting access to the yarn user to minimize the risk of exploitation until a complete security fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.