All the vulnerabilites related to Apache Software Foundation - Apache Hadoop
cve-2021-37404
Vulnerability from cvelistv5
Published
2022-06-13 07:00
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Heap buffer overflow in libhdfs native library
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220715-0007/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.9.0 to 2.10.1 Version: 3.0.0 to 3.1.4 Version: 3.2.0 to 3.2.2 Version: 3.3.0 to 3.3.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:03.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.9.0 to 2.10.1" }, { "status": "affected", "version": "3.0.0 to 3.1.4" }, { "status": "affected", "version": " 3.2.0 to 3.2.2" }, { "status": "affected", "version": "3.3.0 to 3.3.1" } ] } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Igor Chervatyuk." } ], "descriptions": [ { "lang": "en", "value": "There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher." } ], "metrics": [ { "other": { "content": { "other": "important" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-27T14:00:41.693Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Heap buffer overflow in libhdfs native library", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-37404", "STATE": "PUBLIC", "TITLE": "Heap buffer overflow in libhdfs native library" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.9.0 to 2.10.1" }, { "version_value": "3.0.0 to 3.1.4" }, { "version_value": " 3.2.0 to 3.2.2" }, { "version_value": "3.3.0 to 3.3.1" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "This issue was discovered by Igor Chervatyuk." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "important" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787 Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo", "refsource": "MISC", "url": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo" }, { "name": "https://security.netapp.com/advisory/ntap-20220715-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220715-0007/" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-37404", "datePublished": "2022-06-13T07:00:16", "dateReserved": "2021-07-23T00:00:00", "dateUpdated": "2024-08-04T01:16:03.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25168
Vulnerability from cvelistv5
Published
2022-08-04 14:30
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220915-0007/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.0.0 to 2.10.1 Version: 3.0.0-alpha to 3.2.3 Version: 3.3.0 to 3.3.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:05.786Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.0.0 to 2.10.1" }, { "status": "affected", "version": "3.0.0-alpha to 3.2.3" }, { "status": "affected", "version": "3.3.0 to 3.3.2" } ] } ], "credits": [ { "lang": "en", "value": "Apache Hadoop would like to thank Kostya Kortchinsky for reporting this issue." } ], "descriptions": [ { "lang": "en", "value": "Apache Hadoop\u0027s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. \"Check existence of file before untarring/zipping\", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136)." } ], "metrics": [ { "other": { "content": { "other": "important" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-26T10:18:58.078Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar", "workarounds": [ { "lang": "en", "value": "Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136)." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-25168", "STATE": "PUBLIC", "TITLE": "Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.0.0 to 2.10.1" }, { "version_value": "3.0.0-alpha to 3.2.3" }, { "version_value": "3.3.0 to 3.3.2" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Apache Hadoop would like to thank Kostya Kortchinsky for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Hadoop\u0027s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. \"Check existence of file before untarring/zipping\", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "important" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130", "refsource": "MISC", "url": "https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130" }, { "name": "https://security.netapp.com/advisory/ntap-20220915-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220915-0007/" } ] }, "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136)." } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-25168", "datePublished": "2022-08-04T14:30:17", "dateReserved": "2022-02-15T00:00:00", "dateUpdated": "2024-08-03T04:36:05.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7669
Vulnerability from cvelistv5
Published
2017-06-02 17:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98795 | vdb-entry, x_refsource_BID | |
https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.8.0 Version: 3.0.0-alpha1 and 3.0.0-alpha2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98795", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98795" }, { "name": "[hadoop-user] 20170602 CVE-2017-7669: Apache Hadoop privilege escalation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.8.0" }, { "status": "affected", "version": "3.0.0-alpha1 and 3.0.0-alpha2" } ] } ], "datePublic": "2017-06-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root." } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-05T13:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "98795", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98795" }, { "name": "[hadoop-user] 20170602 CVE-2017-7669: Apache Hadoop privilege escalation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2017-7669", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.8.0" }, { "version_value": "3.0.0-alpha1 and 3.0.0-alpha2" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privilege escalation" } ] } ] }, "references": { "reference_data": [ { "name": "98795", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98795" }, { "name": "[hadoop-user] 20170602 CVE-2017-7669: Apache Hadoop privilege escalation", "refsource": "MLIST", "url": "https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7669", "datePublished": "2017-06-02T17:00:00", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-08-05T16:12:27.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23454
Vulnerability from cvelistv5
Published
2024-09-25 07:45
Modified
2024-11-05 20:09
Severity ?
EPSS score ?
Summary
Apache Hadoop: Temporary File Local Information Disclosure
References
▼ | URL | Tags |
---|---|---|
https://issues.apache.org/jira/browse/HADOOP-19031 | issue-tracking | |
https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-01T17:03:09.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/09/25/1" }, { "url": "https://security.netapp.com/advisory/ntap-20241101-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-23454", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:19:22.767501Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-05T20:09:52.739Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "3.4.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Andrea Cosentino" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eApache Hadoop\u2019s RunJar.run()\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not set permissions for temporary directory\u0026nbsp;by default. I\u003c/span\u003e\u003c/span\u003ef sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users.\n\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "Apache Hadoop\u2019s RunJar.run()\u00a0does not set permissions for temporary directory\u00a0by default. If sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users." } ], "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-25T07:45:43.496Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://issues.apache.org/jira/browse/HADOOP-19031" }, { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs" } ], "source": { "defect": [ "HADOOP-19031" ], "discovery": "UNKNOWN" }, "title": "Apache Hadoop: Temporary File Local Information Disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2024-23454", "datePublished": "2024-09-25T07:45:43.496Z", "dateReserved": "2024-01-17T09:57:28.086Z", "dateUpdated": "2024-11-05T20:09:52.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-5001
Vulnerability from cvelistv5
Published
2017-08-30 19:00
Modified
2024-09-16 19:51
Severity ?
EPSS score ?
Summary
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94950 | vdb-entry, x_refsource_BID | |
http://seclists.org/oss-sec/2016/q4/698 | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.1.0 to 2.6.3 Version: 2.7.0 to 2.7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:46:40.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94950" }, { "name": "[oss-security] 20161216 [SECURITY] CVE-2016-5001: Apache Hadoop Information Disclosure", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2016/q4/698" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.1.0 to 2.6.3" }, { "status": "affected", "version": "2.7.0 to 2.7.1" } ] } ], "datePublic": "2016-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-03T20:06:17", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "94950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94950" }, { "name": "[oss-security] 20161216 [SECURITY] CVE-2016-5001: Apache Hadoop Information Disclosure", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2016/q4/698" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2016-12-16T00:00:00", "ID": "CVE-2016-5001", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.1.0 to 2.6.3" }, { "version_value": "2.7.0 to 2.7.1" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "94950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94950" }, { "name": "[oss-security] 20161216 [SECURITY] CVE-2016-5001: Apache Hadoop Information Disclosure", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2016/q4/698" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-5001", "datePublished": "2017-08-30T19:00:00Z", "dateReserved": "2016-05-24T00:00:00", "dateUpdated": "2024-09-16T19:51:02.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8009
Vulnerability from cvelistv5
Published
2018-11-13 21:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:46:11.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "name": "105927", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105927" }, { "name": "[hadoop-user] 20181122 CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d%40%3Cuser.hadoop.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "name": "RHSA-2019:3892", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "name": "[druid-commits] 20201008 [druid] branch master updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510%40%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20201008 [druid] branch 0.20.0 updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485) (#10492)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a%40%3Ccommits.druid.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11" } ] } ], "datePublic": "2018-11-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Command Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-08T09:06:11", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "name": "105927", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105927" }, { "name": "[hadoop-user] 20181122 CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d%40%3Cuser.hadoop.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "name": "RHSA-2019:3892", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "name": "[druid-commits] 20201008 [druid] branch master updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510%40%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20201008 [druid] branch 0.20.0 updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485) (#10492)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a%40%3Ccommits.druid.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2018-8009", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Command Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/research/zip-slip-vulnerability", "refsource": "MISC", "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "name": "105927", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105927" }, { "name": "[hadoop-user] 20181122 CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E" }, { "name": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop", "refsource": "MISC", "url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "name": "RHSA-2019:3892", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "name": "[druid-commits] 20201008 [druid] branch master updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20201008 [druid] branch 0.20.0 updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485) (#10492)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-8009", "datePublished": "2018-11-13T21:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2024-08-05T06:46:11.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26031
Vulnerability from cvelistv5
Published
2023-11-16 08:15
Modified
2024-08-02 11:39
Severity ?
EPSS score ?
Summary
Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems
References
▼ | URL | Tags |
---|---|---|
https://issues.apache.org/jira/browse/YARN-11441 | issue-tracking | |
https://hadoop.apache.org/cve_list.html | vendor-advisory | |
https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r | vendor-advisory | |
https://security.netapp.com/advisory/ntap-20240112-0001/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 3.3.1 ≤ |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:apache:hadoop:3.3.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "hadoop", "vendor": "apache", "versions": [ { "lessThan": "3.3.5", "status": "affected", "version": "3.3.1", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-26031", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-19T03:55:27.490258Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-29T13:09:24.015Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/YARN-11441" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://hadoop.apache.org/cve_list.html" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240112-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "3.3.5", "status": "affected", "version": "3.3.1", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The owner of the\u0026nbsp;container-executor binary must be set to \"root\" and suid set bit such that callers would execute the binary as root. These operations are a requirement for \"YARN Secure Containers\".\u003cbr\u003e \u003cbr\u003eIn an installation using the hadoop.tar.gz file the binary\u0027s owner is that of the installing user, and without the suid permission is not at risk. \u003cbr\u003e\u003cbr\u003eHowever, Apache BIgtop installations set the owner and permissions such that installations may be vulnerable\u003cbr\u003e\u003cbr\u003eThe container-executor\u0026nbsp;binary is only vulnerable on some Hadoop/Bigtop releases. It is possible to verify whether a version is vulnerable using the readelf command." } ], "value": "The owner of the\u00a0container-executor binary must be set to \"root\" and suid set bit such that callers would execute the binary as root. These operations are a requirement for \"YARN Secure Containers\".\n \nIn an installation using the hadoop.tar.gz file the binary\u0027s owner is that of the installing user, and without the suid permission is not at risk. \n\nHowever, Apache BIgtop installations set the owner and permissions such that installations may be vulnerable\n\nThe container-executor\u00a0binary is only vulnerable on some Hadoop/Bigtop releases. It is possible to verify whether a version is vulnerable using the readelf command." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Esa Hiltunen" }, { "lang": "en", "type": "finder", "value": "Mikko Kortelainen" }, { "lang": "en", "type": "sponsor", "value": "The Teragrep Project" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cbr\u003eRelative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.\u003cbr\u003e\u003cbr\u003eHadoop 3.3.0 updated the \"\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html\"\u003eYARN Secure Containers\u003c/a\u003e\" to add a feature for executing user-submitted applications in isolated linux containers.\u003cbr\u003e\u003cbr\u003eThe native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.\u003cbr\u003e\u003cbr\u003eThe patch \"\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://issues.apache.org/jira/browse/YARN-10495\"\u003eYARN-10495\u003c/a\u003e. make the rpath of container-executor configurable\" modified the library loading path for loading .so files from \"$ORIGIN/\" to \"\"$ORIGIN/:../lib/native/\". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.\u003cbr\u003eIf the YARN cluster is accepting work from remote (authenticated) users, and these users\u0027 submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.\u003cbr\u003e\u003cbr\u003eThe fix for the vulnerability is to revert the change, which is done in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://issues.apache.org/jira/browse/YARN-11441\"\u003eYARN-11441\u003c/a\u003e, \"Revert YARN-10495\". This patch is in hadoop-3.3.5.\u003cbr\u003e\u003cbr\u003eTo determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path \"./lib/native/\" then it is at risk\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e$ readelf -d container-executor|grep \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0027RUNPATH\\|RPATH\u0027\u003c/span\u003e \u003cbr\u003e0x000000000000001d (RUNPATH) \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Library runpath: [$ORIGIN/:../lib/native/]\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIf it does not, then it is safe:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e$ readelf -d container-executor|grep \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0027RUNPATH\\|RPATH\u0027\u003c/span\u003e \u003cbr\u003e0x000000000000001d (RUNPATH) \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Library runpath: [$ORIGIN/]\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eFor an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set\u003cbr\u003e\u003ctt\u003e\u003cbr\u003e$ ls -laF /opt/hadoop/bin/container-executor\u003cbr\u003e---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eA safe installation lacks the suid bit; ideally is also not owned by root.\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e$ ls -laF /opt/hadoop/bin/container-executor\u003cbr\u003e-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eThis configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.\n\nHadoop 3.3.0 updated the \" YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html \" to add a feature for executing user-submitted applications in isolated linux containers.\n\nThe native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.\n\nThe patch \" YARN-10495 https://issues.apache.org/jira/browse/YARN-10495 . make the rpath of container-executor configurable\" modified the library loading path for loading .so files from \"$ORIGIN/\" to \"\"$ORIGIN/:../lib/native/\". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.\nIf the YARN cluster is accepting work from remote (authenticated) users, and these users\u0027 submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.\n\nThe fix for the vulnerability is to revert the change, which is done in YARN-11441 https://issues.apache.org/jira/browse/YARN-11441 , \"Revert YARN-10495\". This patch is in hadoop-3.3.5.\n\nTo determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path \"./lib/native/\" then it is at risk\n\n$ readelf -d container-executor|grep \u0027RUNPATH\\|RPATH\u0027 \n0x000000000000001d (RUNPATH) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Library runpath: [$ORIGIN/:../lib/native/]\n\nIf it does not, then it is safe:\n\n$ readelf -d container-executor|grep \u0027RUNPATH\\|RPATH\u0027 \n0x000000000000001d (RUNPATH) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Library runpath: [$ORIGIN/]\n\nFor an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set\n\n$ ls -laF /opt/hadoop/bin/container-executor\n---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\n\nA safe installation lacks the suid bit; ideally is also not owned by root.\n\n$ ls -laF /opt/hadoop/bin/container-executor\n-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\n\nThis configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.\n\n" } ], "metrics": [ { "other": { "content": { "text": "critical" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T08:31:44.591Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://issues.apache.org/jira/browse/YARN-11441" }, { "tags": [ "vendor-advisory" ], "url": "https://hadoop.apache.org/cve_list.html" }, { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r" }, { "url": "https://security.netapp.com/advisory/ntap-20240112-0001/" } ], "source": { "defect": [ "YARN-11441" ], "discovery": "EXTERNAL" }, "title": "Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003col\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUpgrade to Apache Hadoop 3.3.5\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eIf\u0026nbsp;Yarn Secure Containers are not required, remove all execute permissions on bin/container-executor ; change its owner from root, or simply delete it.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eIf Yarn Secure Containers are required on a vulnerable release and upgrade is not possible, replace the container-executor\u0026nbsp;binary with that of the 3.3.5 release.\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ol\u003eAs most Hadoop installations do not use Yarn Secure Containers, removing execute permissions from the container-executor binary a is sufficient to secure the systems; deletion ensures that no security scanners will report the issue." } ], "value": " * Upgrade to Apache Hadoop 3.3.5\n * If\u00a0Yarn Secure Containers are not required, remove all execute permissions on bin/container-executor ; change its owner from root, or simply delete it.\n * If Yarn Secure Containers are required on a vulnerable release and upgrade is not possible, replace the container-executor\u00a0binary with that of the 3.3.5 release.\n\nAs most Hadoop installations do not use Yarn Secure Containers, removing execute permissions from the container-executor binary a is sufficient to secure the systems; deletion ensures that no security scanners will report the issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-26031", "datePublished": "2023-11-16T08:15:50.808Z", "dateReserved": "2023-02-17T19:39:48.891Z", "dateUpdated": "2024-08-02T11:39:06.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3086
Vulnerability from cvelistv5
Published
2017-09-05 13:00
Modified
2024-09-16 17:13
Severity ?
EPSS score ?
Summary
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/95335 | vdb-entry, x_refsource_BID | |
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.6.0 to 2.6.4 Version: 2.7.0 to 2.7.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:40:15.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95335" }, { "name": "[hadoop-general] 20170110 [SECURITY] CVE-2016-3086: Apache Hadoop YARN NodeManager vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.6.0 to 2.6.4" }, { "status": "affected", "version": "2.7.0 to 2.7.2" } ] } ], "datePublic": "2017-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-06T09:57:02", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "95335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95335" }, { "name": "[hadoop-general] 20170110 [SECURITY] CVE-2016-3086: Apache Hadoop YARN NodeManager vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-01-10T00:00:00", "ID": "CVE-2016-3086", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.6.0 to 2.6.4" }, { "version_value": "2.7.0 to 2.7.2" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "95335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95335" }, { "name": "[hadoop-general] 20170110 [SECURITY] CVE-2016-3086: Apache Hadoop YARN NodeManager vulnerability", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-3086", "datePublished": "2017-09-05T13:00:00Z", "dateReserved": "2016-03-10T00:00:00", "dateUpdated": "2024-09-16T17:13:54.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15718
Vulnerability from cvelistv5
Published
2018-01-24 14:00
Modified
2024-09-17 03:02
Severity ?
EPSS score ?
Summary
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6%40%3Cgeneral.hadoop.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.7.3 to 2.7.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[general] 20180124 CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6%40%3Cgeneral.hadoop.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.7.3 to 2.7.4" } ] } ], "datePublic": "2018-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-24T13:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[general] 20180124 CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6%40%3Cgeneral.hadoop.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-01-24T00:00:00", "ID": "CVE-2017-15718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.7.3 to 2.7.4" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "[general] 20180124 CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6@%3Cgeneral.hadoop.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-15718", "datePublished": "2018-01-24T14:00:00Z", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-09-17T03:02:11.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-11766
Vulnerability from cvelistv5
Published
2018-11-27 14:00
Modified
2024-08-05 08:17
Severity ?
EPSS score ?
Summary
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106035 | vdb-entry, x_refsource_BID | |
https://lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c%40%3Cgeneral.hadoop.apache.org%3E | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: Apache Hadoop 2.7.4 to 2.7.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:17:09.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106035", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106035" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c%40%3Cgeneral.hadoop.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache Hadoop 2.7.4 to 2.7.6" } ] } ], "datePublic": "2018-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user." } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege Escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-29T10:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "106035", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106035" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c%40%3Cgeneral.hadoop.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2018-11766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "Apache Hadoop 2.7.4 to 2.7.6" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privilege Escalation" } ] } ] }, "references": { "reference_data": [ { "name": "106035", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106035" }, { "name": "https://lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c@%3Cgeneral.hadoop.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c@%3Cgeneral.hadoop.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-11766", "datePublished": "2018-11-27T14:00:00", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2024-08-05T08:17:09.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33036
Vulnerability from cvelistv5
Published
2022-06-15 14:25
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Apache Hadoop Privilege escalation vulnerability
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/06/15/2 | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20220722-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5" }, { "name": "[oss-security] 20220615 CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/15/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220722-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1" } ] } ], "credits": [ { "lang": "en", "value": "Apache Hadoop would like to thank Hideyuki Furue for reporting and fixing this issue." } ], "descriptions": [ { "lang": "en", "value": "In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher." } ], "metrics": [ { "other": { "content": { "other": "Critical" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "CWE-264 Permissions, Privileges, and Access Controls", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-24", "description": "CWE-24 Path Traversal: \u0027../filedir\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T18:07:41", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5" }, { "name": "[oss-security] 20220615 CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/15/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220722-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Hadoop Privilege escalation vulnerability", "workarounds": [ { "lang": "en", "value": "If you are using the affected version of Apache Hadoop and some users can escalate to yarn user and cannot escalate to root user, remove the permission to escalate to yarn user from them." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-33036", "STATE": "PUBLIC", "TITLE": "Apache Hadoop Privilege escalation vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_affected": "=", "version_value": "2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Apache Hadoop would like to thank Hideyuki Furue for reporting and fixing this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "Critical" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-264 Permissions, Privileges, and Access Controls" } ] }, { "description": [ { "lang": "eng", "value": "CWE-24 Path Traversal: \u0027../filedir\u0027" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5", "refsource": "MISC", "url": "https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5" }, { "name": "[oss-security] 20220615 CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/15/2" }, { "name": "https://security.netapp.com/advisory/ntap-20220722-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220722-0003/" } ] }, "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "If you are using the affected version of Apache Hadoop and some users can escalate to yarn user and cannot escalate to root user, remove the permission to escalate to yarn user from them." } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-33036", "datePublished": "2022-06-15T14:25:14", "dateReserved": "2021-05-17T00:00:00", "dateUpdated": "2024-08-03T23:42:19.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3162
Vulnerability from cvelistv5
Published
2017-04-26 20:00
Modified
2024-08-05 14:16
Severity ?
EPSS score ?
Summary
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98017 | vdb-entry, x_refsource_BID | |
https://s.apache.org/k2ss | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b%40%3Cuser.hadoop.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.6.x and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98017", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98017" }, { "name": "[hadoop-common-dev] 20170425 CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://s.apache.org/k2ss" }, { "name": "[hadoop-user] 20200604 Re: CVE-2017-3161 \u0026 CVE-2017-3162 | WhiteSource", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b%40%3Cuser.hadoop.apache.org%3E" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.6.x and earlier" } ] } ], "datePublic": "2017-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0." } ], "problemTypes": [ { "descriptions": [ { "description": "Unchecked parameter in query string", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-03T20:06:12", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "98017", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98017" }, { "name": "[hadoop-common-dev] 20170425 CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://s.apache.org/k2ss" }, { "name": "[hadoop-user] 20200604 Re: CVE-2017-3161 \u0026 CVE-2017-3162 | WhiteSource", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b%40%3Cuser.hadoop.apache.org%3E" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2017-3162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.6.x and earlier" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unchecked parameter in query string" } ] } ] }, "references": { "reference_data": [ { "name": "98017", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98017" }, { "name": "[hadoop-common-dev] 20170425 CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability", "refsource": "MLIST", "url": "https://s.apache.org/k2ss" }, { "name": "[hadoop-user] 20200604 Re: CVE-2017-3161 \u0026 CVE-2017-3162 | WhiteSource", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b@%3Cuser.hadoop.apache.org%3E" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-3162", "datePublished": "2017-04-26T20:00:00", "dateReserved": "2016-12-05T00:00:00", "dateUpdated": "2024-08-05T14:16:28.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1296
Vulnerability from cvelistv5
Published
2019-02-07 22:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106764 | vdb-entry, x_refsource_BID | |
https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, 2.5.0 to 2.7.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:37.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106764", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106764" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, 2.5.0 to 2.7.5" } ] } ], "datePublic": "2019-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-09T10:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "106764", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106764" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2019-01-24T00:00:00", "ID": "CVE-2018-1296", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, 2.5.0 to 2.7.5" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "106764", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106764" }, { "name": "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-1296", "datePublished": "2019-02-07T22:00:00Z", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-09-16T19:47:24.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26612
Vulnerability from cvelistv5
Published
2022-04-07 18:20
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
Arbitrary file write in FileUtil#unpackEntries on Windows
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220519-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: unspecified < 3.2.3 Version: 3.3.1 Version: 3.3.2 Patch: 3.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:43.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220519-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Windows" ], "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "3.2.3", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "status": "affected", "version": "3.3.1" }, { "status": "affected", "version": "3.3.2" }, { "lessThan": "All*", "status": "unaffected", "version": "3.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "This issue was reported by a member of GitHub Security Lab, Jaroslav Loba\u010devski (https://github.com/JarLob)." } ], "descriptions": [ { "lang": "en", "value": "In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn\u0027t resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3" } ], "metrics": [ { "other": { "content": { "other": "high" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-19T19:06:26", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220519-0004/" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2022-02-09T00:00:00", "value": "Issue was reported to Apache Hadoop security team." }, { "lang": "en", "time": "2022-02-17T00:00:00", "value": "First iteration of the fix was proposed." }, { "lang": "en", "time": "2022-02-21T00:00:00", "value": "Involved the Github Security team for reviewing the fix." }, { "lang": "en", "time": "2022-02-24T00:00:00", "value": "Second iteration of the fix was proposed." }, { "lang": "en", "time": "2022-03-08T00:00:00", "value": "Third iteration of the fix was proposed." }, { "lang": "en", "time": "2022-03-10T00:00:00", "value": "Issue was fixed and committed to the trunk branch." }, { "lang": "en", "time": "2022-04-01T00:00:00", "value": "Requested review of the announcement from the reporter." }, { "lang": "en", "time": "2022-04-07T00:00:00", "value": "Announcement review by the reporter completed." } ], "title": "Arbitrary file write in FileUtil#unpackEntries on Windows", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-26612", "STATE": "PUBLIC", "TITLE": "Arbitrary file write in FileUtil#unpackEntries on Windows" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "platform": "Windows", "version_affected": "\u003c", "version_value": "3.2.3" }, { "platform": "Windows", "version_affected": "=", "version_value": "3.3.1" }, { "platform": "Windows", "version_affected": "=", "version_value": "3.3.2" }, { "platform": "Windows", "version_affected": "!\u003e=", "version_name": "All", "version_value": "3.4" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "This issue was reported by a member of GitHub Security Lab, Jaroslav Loba\u010devski (https://github.com/JarLob)." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn\u0027t resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "high" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz", "refsource": "MISC", "url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz" }, { "name": "https://security.netapp.com/advisory/ntap-20220519-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220519-0004/" } ] }, "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2022-02-09T00:00:00", "value": "Issue was reported to Apache Hadoop security team." }, { "lang": "en", "time": "2022-02-17T00:00:00", "value": "First iteration of the fix was proposed." }, { "lang": "en", "time": "2022-02-21T00:00:00", "value": "Involved the Github Security team for reviewing the fix." }, { "lang": "en", "time": "2022-02-24T00:00:00", "value": "Second iteration of the fix was proposed." }, { "lang": "en", "time": "2022-03-08T00:00:00", "value": "Third iteration of the fix was proposed." }, { "lang": "en", "time": "2022-03-10T00:00:00", "value": "Issue was fixed and committed to the trunk branch." }, { "lang": "en", "time": "2022-04-01T00:00:00", "value": "Requested review of the announcement from the reporter." }, { "lang": "en", "time": "2022-04-07T00:00:00", "value": "Announcement review by the reporter completed." } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-26612", "datePublished": "2022-04-07T18:20:12", "dateReserved": "2022-03-07T00:00:00", "dateUpdated": "2024-08-03T05:11:43.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25642
Vulnerability from cvelistv5
Published
2022-08-25 00:00
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.9.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.3, and 3.3.0 to 3.3.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:28.113Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221201-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.9.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.3, and 3.3.0 to 3.3.3" } ] } ], "credits": [ { "lang": "en", "value": "Apache Hadoop would like to thank Liu Ximing for reporting this issue." } ], "descriptions": [ { "lang": "en", "value": "ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-02T00:00:00", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150" }, { "url": "https://security.netapp.com/advisory/ntap-20221201-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-25642", "datePublished": "2022-08-25T00:00:00", "dateReserved": "2021-01-20T00:00:00", "dateUpdated": "2024-08-03T20:11:28.113Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3166
Vulnerability from cvelistv5
Published
2017-11-13 14:00
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f%40%3Cgeneral.hadoop.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.6.1 to 2.6.5 Version: 2.7.0 to 2.7.3 Version: 3.0.0-alpha1 to 3.0.0-alpha3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[general] 20171108 [SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f%40%3Cgeneral.hadoop.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.6.1 to 2.6.5" }, { "status": "affected", "version": "2.7.0 to 2.7.3" }, { "status": "affected", "version": "3.0.0-alpha1 to 3.0.0-alpha3" } ] } ], "datePublic": "2017-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN\u0027s localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file." } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-16T01:07:02", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[general] 20171108 [SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f%40%3Cgeneral.hadoop.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-11-08T00:00:00", "ID": "CVE-2017-3166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.6.1 to 2.6.5" }, { "version_value": "2.7.0 to 2.7.3" }, { "version_value": "3.0.0-alpha1 to 3.0.0-alpha3" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN\u0027s localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privilege escalation" } ] } ] }, "references": { "reference_data": [ { "name": "[general] 20171108 [SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f@%3Cgeneral.hadoop.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-3166", "datePublished": "2017-11-13T14:00:00Z", "dateReserved": "2016-12-05T00:00:00", "dateUpdated": "2024-09-16T23:41:26.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3161
Vulnerability from cvelistv5
Published
2017-04-26 20:00
Modified
2024-08-05 14:16
Severity ?
EPSS score ?
Summary
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98025 | vdb-entry, x_refsource_BID | |
https://s.apache.org/4MQm | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b%40%3Cuser.hadoop.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 2.6.x and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98025", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98025" }, { "name": "[hadoop-common-dev] 20170425 CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://s.apache.org/4MQm" }, { "name": "[hadoop-user] 20200604 Re: CVE-2017-3161 \u0026 CVE-2017-3162 | WhiteSource", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b%40%3Cuser.hadoop.apache.org%3E" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.6.x and earlier" } ] } ], "datePublic": "2017-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "XSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-03T20:06:11", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "98025", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98025" }, { "name": "[hadoop-common-dev] 20170425 CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://s.apache.org/4MQm" }, { "name": "[hadoop-user] 20200604 Re: CVE-2017-3161 \u0026 CVE-2017-3162 | WhiteSource", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b%40%3Cuser.hadoop.apache.org%3E" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2017-3161", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "2.6.x and earlier" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XSS" } ] } ] }, "references": { "reference_data": [ { "name": "98025", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98025" }, { "name": "[hadoop-common-dev] 20170425 CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability", "refsource": "MLIST", "url": "https://s.apache.org/4MQm" }, { "name": "[hadoop-user] 20200604 Re: CVE-2017-3161 \u0026 CVE-2017-3162 | WhiteSource", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b@%3Cuser.hadoop.apache.org%3E" }, { "name": "[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-3161", "datePublished": "2017-04-26T20:00:00", "dateReserved": "2016-12-05T00:00:00", "dateUpdated": "2024-08-05T14:16:28.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15713
Vulnerability from cvelistv5
Published
2018-01-19 17:00
Modified
2024-09-17 04:08
Severity ?
EPSS score ?
Summary
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Hadoop |
Version: 0.23.0 to 0.23.11 Version: 2.0.0-alpha to 2.8.2 Version: 3.0.0-alpha to 3.0.0-beta1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "0.23.0 to 0.23.11" }, { "status": "affected", "version": "2.0.0-alpha to 2.8.2" }, { "status": "affected", "version": "3.0.0-alpha to 3.0.0-beta1" } ] } ], "datePublic": "2018-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-19T16:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-01-19T00:00:00", "ID": "CVE-2017-15713", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Hadoop", "version": { "version_data": [ { "version_value": "0.23.0 to 0.23.11" }, { "version_value": "2.0.0-alpha to 2.8.2" }, { "version_value": "3.0.0-alpha to 3.0.0-beta1" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-15713", "datePublished": "2018-01-19T17:00:00Z", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-09-17T04:08:48.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }