CVSS: 7.5EPSS: 12%CPEs: 1EXPL: 0CVE-2023-26031 – Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems
https://notcve.org/view.php?id=CVE-2023-26031
16 Nov 2023 — Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the " YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html " to add a feature for executing user-submitted applications in isolated linux containers. The native b... • https://hadoop.apache.org/cve_list.html • CWE-426: Untrusted Search Path •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25642 – Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
https://notcve.org/view.php?id=CVE-2021-25642
25 Aug 2022 — ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used. ZKConfigurationStore que es usado opcionalmente por CapacityScheduler de Apache Hadoop YARN de serializa los datos obtenidos de ZooKeeper... • https://github.com/safe3s/CVE-2021-25642 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2022-25168 – Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar
https://notcve.org/view.php?id=CVE-2022-25168
04 Aug 2022 — Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. • https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 7EXPL: 0CVE-2021-33036 – Apache Hadoop Privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-33036
15 Jun 2022 — In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. En Apache Hadoop versiones 2.2.0 a 2.10.1, 3.0.0-alpha1 a 3.1.4, 3.2.0 a 3.2.2 y 3.3.0 a 3.3.1, un usuario que puede escalar a usuario hilo puede ejecutar posiblemente comandos arbitrarios como usuario root. Los usuarios deben actualizar a Apache Hadoop versione... • http://www.openwall.com/lists/oss-security/2022/06/15/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37404 – Heap buffer overflow in libhdfs native library
https://notcve.org/view.php?id=CVE-2021-37404
13 Jun 2022 — There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. Se presenta un potencial desbordamiento del búfer de la pila en el código nativo de Apache Hadoop libhdfs. La apertura de una ruta de archivo proporcionada por el usuario sin que sea comprobada puede resultar en una denegación de servicio o un... • https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-26612 – Arbitrary file write in FileUtil#unpackEntries on Windows
https://notcve.org/view.php?id=CVE-2022-26612
07 Apr 2022 — In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't ... • https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz • CWE-59: Improper Link Resolution Before File Access ('Link Following') •