ID CVE-2018-8029
Summary In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:3.1.0:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 08-10-2020 - 10:15)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
bid 108518
confirm
mlist
  • [druid-commits] 20201008 [druid] branch 0.20.0 updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485) (#10492)
  • [druid-commits] 20201008 [druid] branch master updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485)
  • [hbase-dev] 20190603 [jira] [Resolved] (HBASE-22499) Drop the support for several hadoop releases due to CVE-2018-8029
  • [hbase-issues] 20190530 [jira] [Commented] (HBASE-22499) Drop the support for several hadoop releases due to CVE-2018-8029
  • [hbase-issues] 20190603 [jira] [Resolved] (HBASE-22499) Drop the support for several hadoop releases due to CVE-2018-8029
Last major update 08-10-2020 - 10:15
Published 30-05-2019 - 16:29
Last modified 08-10-2020 - 10:15