apache/hadoop: The latest CVE Vulnerabilities and Exploits for Penetration Test

 

apache/hadoop Vulnerability Summary

  • Vendor name: apache
  • Product name: hadoop
  • Total vulnerabilities: 29 (as of 2023-05-04)

apache/hadoop Vulnerability List

CVE-2020-9492: In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client…

Published: 2021-01-26T18:16:00 Last Modified: 2021-11-30T22:21:00

Summary

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-9492 vulnerability.

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-11764: Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and…

Published: 2020-10-21T19:15:00 Last Modified: 2020-11-03T13:15:00

Summary

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

Common Weakness Enumeration (CWE): CWE-306: Missing Authentication for Critical Function

CWE Description: The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 8.0
  • CVSS: 9.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-11764 vulnerability.

CVE-2018-11765: In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can…

Published: 2020-09-30T18:15:00 Last Modified: 2020-10-16T11:15:00

Summary

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-11765 vulnerability.

CVE-2012-2945: Hadoop 1.0.3 contains a symlink vulnerability.

Published: 2019-10-29T19:15:00 Last Modified: 2019-10-31T01:09:00

Summary

Hadoop 1.0.3 contains a symlink vulnerability.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-2945 vulnerability.

CVE-2019-17195: Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT,…

Published: 2019-10-15T14:15:00 Last Modified: 2022-02-07T16:15:00

Summary

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

Common Weakness Enumeration (CWE): CWE-755: Improper Handling of Exceptional Conditions

CWE Description: The software does not handle or incorrectly handles an exceptional condition.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-17195 vulnerability.

CVE-2018-11768: In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4,…

Published: 2019-10-04T14:15:00 Last Modified: 2020-08-06T14:15:00

Summary

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-11768 vulnerability.

CVE-2018-8029: In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who…

Published: 2019-05-30T16:29:00 Last Modified: 2020-10-08T10:15:00

Summary

In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 8.0
  • CVSS: 9.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-8029 vulnerability.

CVE-2018-11767: In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocks users or grants…

Published: 2019-03-21T16:00:00 Last Modified: 2019-10-03T00:03:00

Summary

In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocks users or grants access to users incorrectly if the system uses non-default groups mapping mechanisms.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-11767 vulnerability.

CVE-2018-1296: In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes…

Published: 2019-02-07T22:29:00 Last Modified: 2019-02-21T17:13:00

Summary

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1296 vulnerability.

CVE-2018-11766: In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can…

Published: 2018-11-27T14:29:00 Last Modified: 2019-10-03T00:03:00

Summary

In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 8.0
  • CVSS: 9.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-11766 vulnerability.

CVE-2018-8009: Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6,…

Published: 2018-11-13T21:29:00 Last Modified: 2020-10-08T10:15:00

Summary

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-8009 vulnerability.

CVE-2017-15718: The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store…

Published: 2018-01-24T14:29:00 Last Modified: 2019-10-03T00:03:00

Summary

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-15718 vulnerability.

CVE-2017-15713: Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha…

Published: 2018-01-19T17:29:00 Last Modified: 2018-02-06T14:55:00

Summary

Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-15713 vulnerability.

CVE-2017-3166: In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an…

Published: 2017-11-13T14:29:00 Last Modified: 2020-08-24T17:37:00

Summary

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN’s localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.

Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource

CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2017-3166 vulnerability.

CVE-2012-4449: Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords…

Published: 2017-10-30T19:29:00 Last Modified: 2017-11-21T15:53:00

Summary

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-4449 vulnerability.

CVE-2016-3086: The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the…

Published: 2017-09-05T13:29:00 Last Modified: 2017-09-11T18:25:00

Summary

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-3086 vulnerability.

CVE-2016-5001: This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before…

Published: 2017-08-30T19:29:00 Last Modified: 2021-07-03T21:15:00

Summary

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-5001 vulnerability.

CVE-2017-7669: In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker…

Published: 2017-06-05T01:29:00 Last Modified: 2017-06-09T16:21:00

Summary

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 6.8
  • CVSS: 8.5
  • CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-7669 vulnerability.

CVE-2017-3161: The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS)…

Published: 2017-04-26T20:59:00 Last Modified: 2021-07-03T21:15:00

Summary

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3161 vulnerability.

CVE-2017-3162: HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode…

Published: 2017-04-26T20:59:00 Last Modified: 2021-07-03T21:15:00

Summary

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3162 vulnerability.

CVE-2016-6811: In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run…

Published: 2017-04-11T14:59:00 Last Modified: 2018-05-10T13:12:00

Summary

In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 8.0
  • CVSS: 9.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6811 vulnerability.

CVE-2014-0229: Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before…

Published: 2017-03-23T20:59:00 Last Modified: 2017-03-28T18:03:00

Summary

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0229 vulnerability.

CVE-2016-5393: In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate…

Published: 2016-11-29T06:59:00 Last Modified: 2016-12-01T20:29:00

Summary

In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5393 vulnerability.

CVE-2015-1776: Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along…

Published: 2016-04-19T21:59:00 Last Modified: 2016-11-28T19:18:00

Summary

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2015-1776 vulnerability.

CVE-2015-7430: The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and…

Published: 2016-01-02T21:59:00 Last Modified: 2016-01-07T20:17:00

Summary

The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2015-7430 vulnerability.

CVE-2014-3627: The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when…

Published: 2014-12-05T16:59:00 Last Modified: 2014-12-06T01:15:00

Summary

The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-3627 vulnerability.

CVE-2013-2192: The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9,…

Published: 2014-01-24T18:55:00 Last Modified: 2017-03-24T01:59:00

Summary

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.2
  • CVSS: 3.2
  • CVSS Vector: AV:A/AC:H/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2013-2192 vulnerability.

CVE-2012-3376: DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is…

Published: 2012-07-12T19:55:00 Last Modified: 2017-03-24T01:59:00

Summary

DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-3376 vulnerability.

CVE-2012-1574: The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0,…

Published: 2012-04-12T10:45:00 Last Modified: 2017-03-24T01:59:00

Summary

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-1574 vulnerability.
