Lucene search
ApacheVULNRICHMENT:CVE-2024-23454HistorySep 25, 2024 - 7:45 a.m.
CVE-2024-23454 Apache Hadoop: Temporary File Local Information Disclosure
2024-09-2507:45:43
CWE-269
apache
github.com
apache hadoop
runjar.run()
local information disclosure
temporary file
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
9.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.
This is because, on unix-like systems, the system temporary directory is
shared between all local users. As such, files written in this directory,
without setting the correct posix permissions explicitly, may be viewable
by all other local users.
Related
cvelist
cvelist
CVE-2024-23454 Apache Hadoop: Temporary File Local Information Disclosure
2024-09-25 07:45:43
github
github
Apache Hadoop: Temporary File Local Information Disclosure
2024-09-25 09:30:46
cve
cve
CVE-2024-23454
2024-09-25 08:15:04
nvd
nvd
CVE-2024-23454
2024-09-25 08:15:04
osv
osv
Apache Hadoop: Temporary File Local Information Disclosure
2024-09-25 09:30:46
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
9.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-23454