Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hadoop 2.8.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-11765
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Apache Hadoop 3.0.0
Apache Hadoop
7.5
CVSSv3
CVE-2018-1296
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
Apache Hadoop 3.0.0
Apache Hadoop 2.8.0
Apache Hadoop
Apache Hadoop 2.8.1
Apache Hadoop 2.8.2
Apache Hadoop 2.8.3
Apache Hadoop 2.9.0
8.8
CVSSv3
CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Apache Hadoop 2.0.0
Apache Hadoop 3.0.0
Apache Hadoop
Apache Hadoop 3.1.0
7.5
CVSSv3
CVE-2017-7669
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
Apache Hadoop 2.8.0
Apache Hadoop 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started