← back
CVE-2021-33036

Apache Hadoop Privilege escalation vulnerability

EPSS 3.2%CWE-24CWE-264
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Affected products
Apache Software Foundation · Apache Hadoop

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5https://security.netapp.com/advisory/ntap-20220722-0003/http://www.openwall.com/lists/oss-security/2022/06/15/2