| |
Vulnerability CVE-2017-7669
Published: 2017-06-04 Modified: 2017-06-05
Description: |
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. |
CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
8.5/10 |
10/10 |
6.8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
http://www.securityfocus.com/bid/98795
https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E
|
|
|
Copyright 2024, cxsecurity.com
|
|
|