Lucene search
ApacheCVE-2024-23454HistorySep 25, 2024 - 8:15 a.m.
CVE-2024-23454
2024-09-2508:15:04
CWE-269
apache
web.nvd.nist.gov
14
apache hadoop
runjar.run()
permissions
temporary directory
sensitive data
local users
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.
This is because, on unix-like systems, the system temporary directory is
shared between all local users. As such, files written in this directory,
without setting the correct posix permissions explicitly, may be viewable
by all other local users.
Affected configurations
Node
apachehadoopRange≤3.4.0
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Hadoop",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cvelist
cvelist
CVE-2024-23454 Apache Hadoop: Temporary File Local Information Disclosure
2024-09-25 07:45:43
github
github
Apache Hadoop: Temporary File Local Information Disclosure
2024-09-25 09:30:46
nvd
nvd
CVE-2024-23454
2024-09-25 08:15:04
vulnrichment
vulnrichment
CVE-2024-23454 Apache Hadoop: Temporary File Local Information Disclosure
2024-09-25 07:45:43
osv
osv
Apache Hadoop: Temporary File Local Information Disclosure
2024-09-25 09:30:46