40 matches found

OSV
added 2021/11/19 10:15 a.m. · 11 views

CVE-2021-39233

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...

9.1 CVSS · 6.7 AI score
Exploits 0 · References 2
Cvelist
added 2021/11/19 9:20 a.m. · 13 views

CVE-2021-39233 Container-related datanode operations can be called without authorization

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...

9.4 AI score · 0.00647 EPSS
Exploits 0 · References 2
Cvelist
added 2021/11/19 9:20 a.m. · 15 views

CVE-2021-39231 Missing authentication/authorization on internal RPC endpoints

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...

9.4 AI score · 0.01238 EPSS
Exploits 0 · References 2
CNNVD
added 2021/11/19 12:0 a.m. · 1 views

Apache Ozone Security Vulnerability

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that stems from various internal server-to-server RPC endpoints that are available for connections, and an attacker can...

9.1 CVSS · 5.6 AI score · 0.01238 EPSS
Exploits 0 · References 2
CNNVD
added 2021/11/19 12:0 a.m. · 1 views

Apache Ozone Input Validation Error Vulnerability

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...

6.5 CVSS · 5.6 AI score · 0.00201 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/11/19 12:0 a.m. · 1 views

PT-2021-22481 · Apache · Apache Ozone

Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue allows an attacker to access internal server-to-server RPC endpoints, enabling them to download raw data from Datanode and Ozone manager, and modify Ratis replication configuration...

9.1 CVSS · 9.1 AI score · 0.01238 EPSS
Exploits 0 · References 10
Positive Technologies
added 2021/11/19 12:0 a.m. · 2 views

PT-2021-22485 · Apache · Apache Ozone

Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue arises because the Ozone Datanode in Apache Ozone does not check the access mode parameter of the block token. As a result, authenticated users who have a valid READ block token can...

6.5 CVSS · 6.3 AI score · 0.00201 EPSS
Exploits 0 · References 9
Prion
added 2017/08/30 7:29 p.m. · 22 views

Information disclosure

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in t...

2.1 CVSS · 6.1 AI score · 0.00118 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2017/08/30 7:0 p.m. · 87 views

CVE-2016-5001

CVE-2016-5001 affects Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2, in the HDFS short-circuit reads feature. Root cause: a flaw in the token-based access control that lets a local DataNode user craft a block token to read arbitrary files. Impact: information disclosure (unauthorized read acc...

5.5 CVSS · 5 AI score · 0.00118 EPSS
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2017/04/27 2:21 a.m. · 23 views

Input Validation Bypass

Apache Hadoop HDFS is vulnerable to input validation bypass. The attack is possible because it does not correctly handle the validation of the input to NameNode when it is sent as a query parameter during the interaction of the HDFS client with the DataNode in the HDFS namespace browsing. A user...

7.5 CVSS · 7.1 AI score · 0.01938 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2017/04/26 8:59 p.m. · 24 views

CVE-2017-3162

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...

7.3 CVSS · 6.6 AI score
Exploits 0 · References 4
NVD
added 2017/04/26 8:59 p.m. · 21 views

CVE-2017-3162

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...

7.5 CVSS · 7 AI score · 0.01938 EPSS
Exploits 1 · References 4
Cvelist
added 2017/04/26 8:0 p.m. · 19 views

CVE-2017-3162

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...

7 AI score · 0.01938 EPSS
Exploits 1 · References 4
CVE
added 2017/04/26 8:0 p.m. · 104 views

CVE-2017-3162

Apache Hadoop CVE-2017-3162: A vulnerability in the HDFS namespace browsing flow where the DataNode servlet accepts a NameNode URL as a query parameter without validation, allowing an attacker to bypass security restrictions. Affected software includes Hadoop versions prior to 2.7.0; the issue st...

7.5 CVSS · 7 AI score · 0.01938 EPSS
Exploits 1 · References 4 · Affected Software 1
0day.today
added 2017/04/26 12:0 a.m. · 38 views

Apache Hadoop DataNode Missed Validation Vulnerability

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated. Apache Hadoop versions 2.6.x and earlier are affected. CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Severity: Important Vendor: The...

0.5 AI score · 0.01938 EPSS
Exploits 1
Veracode
added 2016/12/19 5:48 a.m. · 23 views

Information Disclosure

Apache Hadoop is vulnerable to information disclosure. A local user on an HDFS DataNode may be able to generate a block token that grants unauthorized read access to random files by guessing certain fields in the token...

5.5 CVSS · 4.8 AI score · 0.00118 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2012/07/12 7:0 p.m. · 63 views

CVE-2012-3376

CVE-2012-3376 affects Hadoop 2.0.0-alpha where DataNodes do not check BlockTokens for clients when Kerberos is enabled and a DataNode has registered multiple times for the same BlockPool. This can allow remote clients to read arbitrary blocks or write to blocks they only have read access to, amon...

7.5 CVSS · 6.7 AI score · 0.00962 EPSS
Exploits 1 · References 3 · Affected Software 1
securityvulns
added 2012/07/11 12:0 a.m. · 65 views

[CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Users of Apache Hadoop should be aware of a security vulnerability recently discovered, as described by the following CVE. In particular, please note the "Users affected", "Versions affected", and "Mitigation" sections. The project team will be...

7.5 CVSS · 0.2 AI score · 0.00962 EPSS
Exploits 1
Nmap
added 2011/11/08 4:0 p.m. · 168 views

hadoop-datanode-info NSE Script

Discovers information such as log directories from an Apache Hadoop DataNode HTTP status page. Information gathered: Log directory relative to Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline,...

10 CVSS · 0.2 AI score · 0.94176 EPSS
Exploits 33
Tenable Nessus
added 2010/10/22 12:0 a.m. · 29 views

Apache Hadoop HDFS DataNode Web Detection

The web interface for a DataNode was detected on the remote host. A DataNode manages the storage attached to a node in a Hadoop Distributed File System HDFS cluster. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid50307; scriptversion"1.8"; scriptcvsdate"Date:...

5.5 AI score
Exploits 0 · References 1