CVE Vulnerabilities

CVE-2018-8029

Published: May 30, 2019 | Modified: Nov 21, 2024
CVSS 3.x: 8.8 HIGH (Source: NVD), CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 9 HIGH, AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2:
RedHat/V3: 8.8 MODERATE, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu:

In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user.

Affected Software

Name    Vendor  Start Version               End Version
Hadoop  Apache  2.2.0 (including)           2.8.4 (including)
Hadoop  Apache  3.0.1 (including)           3.1.0 (including)
Hadoop  Apache  2.9.0 (including)           2.9.0 (including)
Hadoop  Apache  2.9.1 (including)           2.9.1 (including)
Hadoop  Apache  3.0.0 (including)           3.0.0 (including)
Hadoop  Apache  3.0.0-alpha1 (including)    3.0.0-alpha1 (including)
Hadoop  Apache  3.0.0-alpha2 (including)    3.0.0-alpha2 (including)
Hadoop  Apache  3.0.0-alpha3 (including)    3.0.0-alpha3 (including)
Hadoop  Apache  3.0.0-alpha4 (including)    3.0.0-alpha4 (including)
Hadoop  Apache  3.0.0-beta1 (including)     3.0.0-beta1 (including)

References