Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hadoop vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-11764
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
Apache Hadoop 3.0.0
8.8
CVSSv3
CVE-2018-8029
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Apache Hadoop 3.0.0
Apache Hadoop 2.9.0
Apache Hadoop
Apache Hadoop 2.9.1
8.8
CVSSv3
CVE-2018-11766
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
Apache Hadoop
8.8
CVSSv3
CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Apache Hadoop 2.0.0
Apache Hadoop 3.0.0
Apache Hadoop
Apache Hadoop 3.1.0
8.8
CVSSv3
CVE-2016-6811
In Apache Hadoop 2.x prior to 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Apache Hadoop
8.8
CVSSv3
CVE-2016-5393
In Apache Hadoop 2.6.x prior to 2.6.5 and 2.7.x prior to 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
Apache Hadoop 2.7.1
Apache Hadoop 2.7.2
Apache Hadoop 2.7.0
Apache Hadoop 2.6.4
Apache Hadoop 2.6.2
Apache Hadoop 2.6.0
Apache Hadoop 2.6.3
Apache Hadoop 2.6.1
8.4
CVSSv3
CVE-2015-7430
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 prior to 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.
Apache Hadoop 2.5.0
Apache Hadoop 1.1.1
Apache Hadoop 2.7.0
Apache Hadoop 2.4.0
8.1
CVSSv3
CVE-2018-8042
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.
Apache Ambari
7.8
CVSSv3
CVE-2017-3166
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be sh...
Apache Hadoop 2.6.2
Apache Hadoop 2.7.0
Apache Hadoop 2.6.3
Apache Hadoop 2.6.4
Apache Hadoop 3.0.0
Apache Hadoop 2.7.2
Apache Hadoop 2.7.1
Apache Hadoop 2.6.1
Apache Hadoop 2.6.5
Apache Hadoop 2.7.3
7.5
CVSSv3
CVE-2023-26031
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges. Hadoop 3....
Apache Hadoop
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »