CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-25168 – Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar
https://notcve.org/view.php?id=CVE-2022-25168
04 Aug 2022 — Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. • https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-26612 – Arbitrary file write in FileUtil#unpackEntries on Windows
https://notcve.org/view.php?id=CVE-2022-26612
07 Apr 2022 — In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't ... • https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-9492 – hadoop: WebHDFS client might send SPNEGO authorization header
https://notcve.org/view.php?id=CVE-2020-9492
26 Jan 2021 — In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. En Apache Hadoop versiones 3.2.0 hasta 3.2.1, versiones 3.0.0-alpha1 hasta 3.1.3 y versiones 2.0.0-alpha hasta 2.10.0, el cliente WebHDFS puede enviar el encabezado de autorización SPNEGO hacia una URL remota sin la comprobación apropiada A flaw was found in Apache hadoop. The WebHDFS client can send a SPNEGO authorization header ... • https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429%40%3Ccommits.druid.apache.org%3E • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-11768
https://notcve.org/view.php?id=CVE-2018-11768
04 Oct 2019 — In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. En Apache Hadoop versiones 3.1.0 hasta 3.1.1, 3.0.0-alpha1 hasta 3.0.3, 2.9.0 hasta 2.9.1 y 2.0.0-alpha hasta 2.8.4, la información de user/group puede corromperse durante el almacenamiento en fsimage y una lectura nuevamente desde fsimage. • https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 1CVE-2018-8009 – hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
https://notcve.org/view.php?id=CVE-2018-8009
13 Nov 2018 — Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. Apache Hadoop 3.1.0, 3.0.0-alpha a 3.0.2, 2.9.0 a 2.9.1, 2.8.0 a 2.8.4, 2.0.0-alpha a 2.7.6 y 0.23.0 a 0.23.11 puede explotarse mediante la vulnerabilidad "zip slip" en lugares que aceptan un archivo zip. This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enha... • http://www.securityfocus.com/bid/105927 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2017-15713 – Apache Hadoop 0.23.x Private File Disclosure
https://notcve.org/view.php?id=CVE-2017-15713
19 Jan 2018 — Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. Vulnerabilidad en Apache Hadoop 0.23.x, 2.x en versiones anteriores a la 2.7.5, 2.8.x en versiones anteriores a la 2.8.3 y 3.0.0-alp... • https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-4449
https://notcve.org/view.php?id=CVE-2012-4449
30 Oct 2017 — Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack. Apache Hadoop en versiones anteriores a la 0.23.4, las versiones 1.x anteriores a la 1.0.4 y las versiones 2.x anteriores a la 2.0.2 genera contraseñas token empleando un secreto de 20 bits cuando las características de seguridad de Kerberos están hab... • http://mail-archives.apache.org/mod_mbox/hadoop-general/201210.mbox/%3CCA+z3+9FYdPmzBEaMZ71SUqzRx=eU=o4mSHUsbrpzgR9X_F1c0Q%40mail.gmail.com%3E • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5001
https://notcve.org/view.php?id=CVE-2016-5001
30 Aug 2017 — This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. Existe una vulnerabilidad de divulgación de información en Apache Hadoop en versiones anteriores a la 2.6.4 y en 2.7.x anteriores a la 2.7.2 en la característica short-circuit reads en HDFS. Un usuario loc... • http://seclists.org/oss-sec/2016/q4/698 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3161
https://notcve.org/view.php?id=CVE-2017-3161
26 Apr 2017 — The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. El interface web HDFS de Apache Hadoop anterior a 2.7.0 es vulnerable a un ataque cross-site scripting a través de un parámetro mal filtrado. • http://www.securityfocus.com/bid/98025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3162 – Apache Hadoop DataNode Missed Validation
https://notcve.org/view.php?id=CVE-2017-3162
26 Apr 2017 — HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0. Vulnerabilidad en HDFS de Hadoop en versiones anteriores a la 2.7.0, a través de la cual clientes de HDFS podrían interactuar con un servlet en el DataNode para poder explorar el espacio de nombres HDFS. El NameNode se proporcionaría como un parámetro de consulta que no estaría validado en las versiones mencionadas de Apache Had... • http://www.securityfocus.com/bid/98017 • CWE-20: Improper Input Validation •