Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hadoop 2.8.0 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-11765
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Apache Hadoop 3.0.0
Apache Hadoop
445
VMScore
CVE-2018-1296
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
Apache Hadoop 3.0.0
Apache Hadoop 2.8.0
Apache Hadoop
Apache Hadoop 2.8.1
Apache Hadoop 2.8.2
Apache Hadoop 2.8.3
Apache Hadoop 2.9.0
580
VMScore
CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Apache Hadoop 2.0.0
Apache Hadoop 3.0.0
Apache Hadoop
Apache Hadoop 3.1.0
756
VMScore
CVE-2017-7669
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
Apache Hadoop 3.0.0
Apache Hadoop 2.8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started