Lucene search
Veracode Vulnerability DatabaseVERACODE:6005HistoryMar 22, 2018 - 2:07 a.m.
File Permission Manipulation Via Symlink Attack
2018-03-2202:07:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
44.3%
hadoop-common-yarn is vulnerable to file permission manipulation. Using a symlink attack in a public tar archive, attackers can change the permissions on files to be world-readable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache hadoop yarn common | le | 0.23.11 | |
| apache hadoop yarn common | le | 2.5.1 | |
| apache hadoop yarn nodemanager | le | 2.5.1 |
References
Related
cve
cve
CVE-2014-3627
2014-12-05 16:59:04
nvd
nvd
CVE-2014-3627
2014-12-05 16:59:04
prion
prion
Authentication flaw
2014-12-05 16:59:00
cvelist
cvelist
CVE-2014-3627
2014-12-05 16:00:00
osv
osv
Improper Link Resolution Before File Access in Apache Hadoop
2022-05-17 04:20:31
github
github
Improper Link Resolution Before File Access in Apache Hadoop
2022-05-17 04:20:31
