PT-2019-4221 · Apache · Apache Hadoop
Duo Zhang · Published 2019-05-30 · Updated 2020-10-08 · CVE-2018-8029
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache Hadoop versions 2.2.0 through 2.8.4
Apache Hadoop versions 2.9.0 through 2.9.1
Apache Hadoop versions 3.0.0-alpha1 through 3.1.0
Description
The issue stems from insufficient access control in the Apache Hadoop platform. A remote attacker can exploit it to elevate privileges to the root level and execute arbitrary code: a user who can escalate to the yarn user may be able to run arbitrary commands as the root user.
Recommendations
For Apache Hadoop versions 2.2.0 through 2.8.4, update to a version outside of this range to mitigate the risk.
For Apache Hadoop versions 2.9.0 through 2.9.1, update to a version outside of this range to mitigate the risk.
For Apache Hadoop versions 3.0.0-alpha1 through 3.1.0, update to a version outside of this range to mitigate the risk.
Fix
Improper Authorization
Related Identifiers
Affected Products
Apache Hadoop