Severity: Critical
Description:
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2,
and 3.3.0 to 3.3.1, a user who can escalate to the yarn user can possibly
run arbitrary commands as the root user. Users should upgrade to Apache
Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Mitigation:
CVE-2020-9492: Apache Hadoop Potential privilege escalation
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, 2.0.0-alpha to 2.10.0
Description:
WebHDFS client might send SPNEGO authorization header to remote URL
without proper
CVE-2018-11764: Apache Hadoop Privilege escalation in web endpoint
Severity: Critical
Vendor: The Apache Software Foundation
Versions affected:
3.0.0-alpha4, 3.0.0-beta1, and 3.0.0
Description:
Web endpoint authentication check is broken. Authenticated users may
impersonate any user even if no