CVE-2021-33036

high

Description

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

References

https://security.netapp.com/advisory/ntap-20220722-0003/

https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5

http://www.openwall.com/lists/oss-security/2022/06/15/2

Details

Source: Mitre, NVD

Published: 2022-06-15

Updated: 2022-10-27

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High