CVE-2014-0229Improper Authentication in Apache Hadoop

CWE-264CWE-287Improper Authentication4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 41.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache HadoopCloudera CDH
Timeline
PublishedMar 23
Latest updateMay 17

Description

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDapache/hadoop22 versions+21
NVDcloudera/cdh5.0.0

🔴Vulnerability Details

3
GHSA
Improper Authentication in Apache Hadoop2022-05-17
OSV
Improper Authentication in Apache Hadoop2022-05-17
CVEList
CVE-2014-0229: Apache Hadoop 02017-03-23
CVE-2014-0229 — Improper Authentication in Apache | cvebase