40 matches found
EUVD-2021-2282
Malware in sbrugna...
CVE-2021-39231
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
CVE-2021-39233
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...
MAL-2022-2354 Malicious code in datanode-explorer (npm)
Source: ghsa-malware (00d1448b8e6f940f88898c792caf2dee90ce774b871651177f974d3f73810b43). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Client BlockTokens not checked in Apache Hadoop
DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and...
GHSA-9R7G-325H-MXRM Improper Authentication in Apache Hadoop
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service DataNode...
GHSA-8R28-R8CP-G6CP Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in t...
GHSA-PR9X-QMP5-J3RR Improper Input Validation in Apache Hadoop
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...
Apache Ozone input validation error vulnerability
Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...
GHSA-3W5H-X4RH-HC28 Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
GHSA-33XH-XCH9-P6HJ Incorrect Authorization in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...
GHSA-C6J7-4FR9-C76P Incorrect permissions in Apache Ozone
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...