Lucene search

6 matches found

CVE
added 2019/10/15 2:15 p.m. | 277 views

CVE-2019-17195

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

CVSS 9.8 | AI score 9.2 | EPSS 0.1232

CVE
added 2019/10/04 2:15 p.m. | 174 views

CVE-2018-11768

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

CVSS 7.5 | AI score 7.2 | EPSS 0.03485

CVE
added 2019/05/30 4:29 p.m. | 127 views

CVE-2018-8029

In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

CVSS 9 | AI score 8.8 | EPSS 0.01759

CVE
added 2019/02/07 10:29 p.m. | 82 views

CVE-2018-1296

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.

CVSS 7.5 | AI score 7.3 | EPSS 0.00574

CVE
added 2019/03/21 4:0 p.m. | 78 views

CVE-2018-11767

In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, and 2.7.5 to 2.7.6, KMS blocks users or grants access to users incorrectly if the system uses non-default groups mapping mechanisms.

CVSS 7.4 | AI score 7.3 | EPSS 0.022

CVE
added 2019/10/29 7:15 p.m. | 61 views

CVE-2012-2945

Hadoop 1.0.3 contains a symlink vulnerability.

CVSS 7.5 | AI score 7.5 | EPSS 0.01713