CVSS: 7.5EPSS: 12%CPEs: 1EXPL: 0CVE-2023-26031 – Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems
https://notcve.org/view.php?id=CVE-2023-26031
16 Nov 2023 — Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the " YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html " to add a feature for executing user-submitted applications in isolated linux containers. The native b... • https://hadoop.apache.org/cve_list.html • CWE-426: Untrusted Search Path •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25642 – Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
https://notcve.org/view.php?id=CVE-2021-25642
25 Aug 2022 — ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used. ZKConfigurationStore que es usado opcionalmente por CapacityScheduler de Apache Hadoop YARN de serializa los datos obtenidos de ZooKeeper... • https://github.com/safe3s/CVE-2021-25642 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2022-25168 – Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar
https://notcve.org/view.php?id=CVE-2022-25168
04 Aug 2022 — Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. • https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-26612 – Arbitrary file write in FileUtil#unpackEntries on Windows
https://notcve.org/view.php?id=CVE-2022-26612
07 Apr 2022 — In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't ... • https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz • CWE-59: Improper Link Resolution Before File Access ('Link Following') •