← volver
CVE-2021-33036

Apache Hadoop Privilege escalation vulnerability

EPSS 3.2%CWE-24CWE-264
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Productos afectados
Apache Software Foundation · Apache Hadoop

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5https://security.netapp.com/advisory/ntap-20220722-0003/http://www.openwall.com/lists/oss-security/2022/06/15/2