CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25642 – Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
https://notcve.org/view.php?id=CVE-2021-25642
25 Aug 2022 — ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used. ZKConfigurationStore que es usado opcionalmente por CapacityScheduler de Apache Hadoop YARN de serializa los datos obtenidos de ZooKeeper... • https://github.com/safe3s/CVE-2021-25642 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-25168 – Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar
https://notcve.org/view.php?id=CVE-2022-25168
04 Aug 2022 — Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. • https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33036 – Apache Hadoop Privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-33036
15 Jun 2022 — In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. En Apache Hadoop versiones 2.2.0 a 2.10.1, 3.0.0-alpha1 a 3.1.4, 3.2.0 a 3.2.2 y 3.3.0 a 3.3.1, un usuario que puede escalar a usuario hilo puede ejecutar posiblemente comandos arbitrarios como usuario root. Los usuarios deben actualizar a Apache Hadoop versione... • http://www.openwall.com/lists/oss-security/2022/06/15/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37404 – Heap buffer overflow in libhdfs native library
https://notcve.org/view.php?id=CVE-2021-37404
13 Jun 2022 — There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. Se presenta un potencial desbordamiento del búfer de la pila en el código nativo de Apache Hadoop libhdfs. La apertura de una ruta de archivo proporcionada por el usuario sin que sea comprobada puede resultar en una denegación de servicio o un... • https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-26612 – Arbitrary file write in FileUtil#unpackEntries on Windows
https://notcve.org/view.php?id=CVE-2022-26612
07 Apr 2022 — In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't ... • https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-9492 – hadoop: WebHDFS client might send SPNEGO authorization header
https://notcve.org/view.php?id=CVE-2020-9492
26 Jan 2021 — In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. En Apache Hadoop versiones 3.2.0 hasta 3.2.1, versiones 3.0.0-alpha1 hasta 3.1.3 y versiones 2.0.0-alpha hasta 2.10.0, el cliente WebHDFS puede enviar el encabezado de autorización SPNEGO hacia una URL remota sin la comprobación apropiada A flaw was found in Apache hadoop. The WebHDFS client can send a SPNEGO authorization header ... • https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429%40%3Ccommits.druid.apache.org%3E • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-11764
https://notcve.org/view.php?id=CVE-2018-11764
21 Oct 2020 — Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured. Una comprobación de autenticación de endpoint web no funciona en Apache Hadoop versiones 3.0.0-alpha4, 3.0.0-beta1 y 3.0.0. Los usuarios autenticados pueden hacerse pasar por cualquier usuario incluso si ningún usuario proxy es configurado • https://lists.apache.org/thread.html/r790ad0a049cde713b93589ecfd4dd2766fda0fc6807eedb6cf69f5c1%40%3Cgeneral.hadoop.apache.org%3E • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11765
https://notcve.org/view.php?id=CVE-2018-11765
30 Sep 2020 — In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. En las versiones de Apache Hadoop versiones 3.0.0-alpha2 hasta 3.0.0, versiones 2.9.0 hasta 2.9.2, versiones 2.8.0 hasta 2.8.5, cualquier usuario puede acceder a algunos servlets sin autenticación cuando la autenticación Kerberos está habilitada y SPNEGO por medio de HTTP no está habilitado • https://lists.apache.org/thread.html/r17d94d132b207dad221595fd8b8b18628f5f5ec7e3f5be939ecd8928%40%3Ccommits.druid.apache.org%3E • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-11768
https://notcve.org/view.php?id=CVE-2018-11768
04 Oct 2019 — In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. En Apache Hadoop versiones 3.1.0 hasta 3.1.1, 3.0.0-alpha1 hasta 3.0.3, 2.9.0 hasta 2.9.1 y 2.0.0-alpha hasta 2.8.4, la información de user/group puede corromperse durante el almacenamiento en fsimage y una lectura nuevamente desde fsimage. • https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2018-8029
https://notcve.org/view.php?id=CVE-2018-8029
30 May 2019 — In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. En las versiones 3.0.0-alpha1 hasta 3.1.0, 2.9.0 hasta 2.9.1, y 2.2.0 hasta 2.8.4 de Apache Hadoop, Un usuario que pueda escalar a usuario yarn puede ejecutar comandos arbitrarios como usuario root. • http://www.securityfocus.com/bid/108518 •