cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-23454,https://securityvulnerability.io/vulnerability/CVE-2024-23454,"Hadoop's RunJar.run() does not set permissions for temporary directory by default, posing risk to sensitive data","Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.",Apache,Apache Hadoop,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-25T07:45:43.496Z,0
CVE-2023-26031,https://securityvulnerability.io/vulnerability/CVE-2023-26031,Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems,"A security vulnerability in the container-executor binary of Apache Hadoop YARN allows local users to gain elevated root privileges by exploiting relative library resolution. If a YARN cluster is configured to accept jobs from remote authenticated users, it might enable those users to also execute jobs with root privileges. This vulnerability arises due to a misconfiguration in the library loading path, allowing less privileged users to replace critical libraries like libcrypto.so with malicious versions. 
Affected installations can be verified by checking the RUNPATH or RPATH of the container-executor binary, and the issue can be mitigated by upgrading to Apache Hadoop version 3.3.5, which contains the appropriate patches.",Apache,Apache Hadoop,7.5,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2023-11-16T09:15:00.000Z,0
CVE-2021-25642,https://securityvulnerability.io/vulnerability/CVE-2021-25642,Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler,"ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.",Apache,Apache Hadoop,8.8,HIGH,0.0026199999265372753,false,,false,false,true,2022-08-26T03:51:58.000Z,true,false,false,,2022-08-25T00:00:00.000Z,0
CVE-2022-25168,https://securityvulnerability.io/vulnerability/CVE-2022-25168,Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar,"Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. ""Check existence of file before untarring/zipping"", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. 
Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).",Apache,Apache Hadoop,9.8,CRITICAL,0.006920000072568655,false,,false,false,false,,,false,false,,2022-08-04T14:30:17.000Z,0
CVE-2021-33036,https://securityvulnerability.io/vulnerability/CVE-2021-33036,Apache Hadoop Privilege escalation vulnerability,"In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.",Apache,Apache Hadoop,8.8,HIGH,0.00203999993391335,false,,false,false,false,,,false,false,,2022-06-15T14:25:14.000Z,0
CVE-2021-37404,https://securityvulnerability.io/vulnerability/CVE-2021-37404,Heap buffer overflow in libhdfs native library,"There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.",Apache,Apache Hadoop,9.8,CRITICAL,0.004220000002533197,false,,false,false,false,,,false,false,,2022-06-13T07:00:16.000Z,0
CVE-2022-26612,https://securityvulnerability.io/vulnerability/CVE-2022-26612,Arbitrary file write in FileUtil#unpackEntries on Windows,"In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. 
unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3",Apache,Apache Hadoop,9.8,CRITICAL,0.008200000040233135,false,,false,false,false,,,false,false,,2022-04-07T18:20:12.000Z,0
CVE-2020-9492,https://securityvulnerability.io/vulnerability/CVE-2020-9492,,"In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.",Apache,Apache Hadoop,8.8,HIGH,0.005169999785721302,false,,false,false,false,,,false,false,,2021-01-26T12:55:29.000Z,0
CVE-2018-11764,https://securityvulnerability.io/vulnerability/CVE-2018-11764,,"Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.",Apache,Apache Hadoop,8.8,HIGH,0.0019099999917671084,false,,false,false,false,,,false,false,,2020-10-21T18:13:56.000Z,0
CVE-2018-11765,https://securityvulnerability.io/vulnerability/CVE-2018-11765,,"In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.",Apache,Apache Hadoop,7.5,HIGH,0.0025500000920146704,false,,false,false,false,,,false,false,,2020-09-30T17:02:20.000Z,0
CVE-2018-11768,https://securityvulnerability.io/vulnerability/CVE-2018-11768,,"In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.",Apache,Apache Hadoop,7.5,HIGH,0.006659999955445528,false,,false,false,false,,,false,false,,2019-10-04T13:56:56.000Z,0
CVE-2018-8029,https://securityvulnerability.io/vulnerability/CVE-2018-8029,,"In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 
2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.",Apache,Apache Hadoop,8.8,HIGH,0.002850000048056245,false,,false,false,false,,,false,false,,2019-05-30T15:15:42.000Z,0
CVE-2018-11767,https://securityvulnerability.io/vulnerability/CVE-2018-11767,,"In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.",Apache,Apache Hadoop,7.4,HIGH,0.0019000000320374966,false,,false,false,false,,,false,false,,2019-03-21T16:00:00.000Z,0
CVE-2018-1296,https://securityvulnerability.io/vulnerability/CVE-2018-1296,,"In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.",Apache,Apache Hadoop,7.5,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2019-02-07T22:29:00.000Z,0
CVE-2018-11766,https://securityvulnerability.io/vulnerability/CVE-2018-11766,,"In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. 
A user who can escalate to yarn user can possibly run arbitrary commands as root user.",Apache,Apache Hadoop,8.8,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2018-11-27T14:00:00.000Z,0
CVE-2018-8009,https://securityvulnerability.io/vulnerability/CVE-2018-8009,,"Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.",Apache,Apache Hadoop,8.8,HIGH,0.011350000277161598,false,,false,false,false,,,false,false,,2018-11-13T21:00:00.000Z,0
CVE-2017-15718,https://securityvulnerability.io/vulnerability/CVE-2017-15718,,The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.,Apache,Apache Hadoop,9.8,CRITICAL,0.002309999894350767,false,,false,false,false,,,false,false,,2018-01-24T00:00:00.000Z,0
CVE-2017-15713,https://securityvulnerability.io/vulnerability/CVE-2017-15713,,"Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. 
The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.",Apache,Apache Hadoop,6.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2018-01-19T00:00:00.000Z,0
CVE-2017-3166,https://securityvulnerability.io/vulnerability/CVE-2017-3166,,"In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.",Apache,Apache Hadoop,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-11-13T14:29:00.000Z,0
CVE-2016-3086,https://securityvulnerability.io/vulnerability/CVE-2016-3086,,The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.,Apache,Apache Hadoop,9.8,CRITICAL,0.0013299999991431832,false,,false,false,false,,,false,false,,2017-09-05T13:29:00.000Z,0
CVE-2016-5001,https://securityvulnerability.io/vulnerability/CVE-2016-5001,,This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.,Apache,Apache Hadoop,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-08-30T19:29:00.000Z,0
CVE-2017-7669,https://securityvulnerability.io/vulnerability/CVE-2017-7669,,"In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. 
When the docker feature is enabled, authenticated users can run commands as root.",Apache,Apache Hadoop,7.5,HIGH,0.0020000000949949026,false,,false,false,false,,,false,false,,2017-06-05T01:29:00.000Z,0
CVE-2017-3161,https://securityvulnerability.io/vulnerability/CVE-2017-3161,,The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.,Apache,Apache Hadoop,6.1,MEDIUM,0.0025599999353289604,false,,false,false,false,,,false,false,,2017-04-26T20:00:00.000Z,0
CVE-2017-3162,https://securityvulnerability.io/vulnerability/CVE-2017-3162,,HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.,Apache,Apache Hadoop,7.3,HIGH,0.0032500000670552254,false,,false,false,false,,,false,false,,2017-04-26T20:00:00.000Z,0
CVE-2016-5393,https://securityvulnerability.io/vulnerability/CVE-2016-5393,,"In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.",Apache,Apache Hadoop,8.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2016-11-29T06:00:00.000Z,0