CVSS: 6.5EPSS: 0%CPEs: 25EXPL: 0CVE-2014-0229
https://notcve.org/view.php?id=CVE-2014-0229
23 Mar 2017 — Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. Apache Hadoop 0.23.x en versiones anteriores a 0.23.11 y 2.x en versiones anteriores a 2.4.1, como se utiliza en Cloudera CDH 5.0.x en versi... • https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7430
https://notcve.org/view.php?id=CVE-2015-7430
02 Jan 2016 — The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors. El conector Hadoop 1.1.1, 2.4, 2.5 y 2.7.0-0 en versiones anteriores a 2.7.0-3 para IBM Spectrum Scale y General Parallel File System (GPFS) permite a usuarios locales leer o escribir datos GPFS arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=isg3T1022979 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 2%CPEs: 26EXPL: 0CVE-2014-3627
https://notcve.org/view.php?id=CVE-2014-3627
05 Dec 2014 — The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. El demonio YARN NodeManager en Apache Hadoop 0.23.0 hasta 0.23.11 y 2.x anterior a 2.5.2, cuando utiliza la autenticación Kerberos, permite a usuarios remotos de clúster ... • http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.2EPSS: 0%CPEs: 23EXPL: 0CVE-2013-2192 – hadoop: man-in-the-middle vulnerability
https://notcve.org/view.php?id=CVE-2013-2192
21 Jan 2014 — The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. La implementación del protocolo RPC en Apache Hadoop v2.x anterior a v2.0.6-alpha, v0.23.x anterior a v0.23.9, y v1.x anterior a v1.2.1, cuando las características de seguridad de Kerberos ... • http://rhn.redhat.com/errata/RHSA-2014-0037.html • CWE-287: Improper Authentication •