CVE-2016-6811

CWE-264CWE-268CWE-27713 documents7 sources
Severity
8.8HIGH
EPSS
0.5%
top 32.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache HadoopApache Software Foundation Apache Hadoop
Timeline
PublishedApr 11
Latest updateMay 14

Description

In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Mavenorg.apache.hadoop:hadoop-common2.0.0-alpha2.7.4
NVDapache/hadoop2.2.02.7.3
CVEListV5apache_software_foundation/apache_hadoopApache Hadoop 2.7.4 to 2.7.6

🔴Vulnerability Details

4
OSV
Insecure Inherited Permissions in Apache Hadoop2022-05-14
GHSA
Insecure Inherited Permissions in Apache Hadoop2022-05-14
GHSA
Arbitrary Command Execution in Hadoop2018-12-21
CVEList
CVE-2016-6811: In Apache Hadoop 22017-04-11

📋Vendor Advisories

4
Red Hat
hadoop: Privilege escalation to root (Incomplete fix for CVE-2016-6811)2018-11-27
Red Hat
hadoop: privilege escalation to root2018-05-01
Apache
Apache hadoop: CVE-2018-11766
Apache
Apache hadoop: CVE-2016-6811

💬Community

4
Bugzilla
CVE-2018-11766 hadoop: Privilege escalation to root (Incomplete fix for CVE-2016-6811) [fedora-all]2018-11-28
Bugzilla
CVE-2018-11766 hadoop: Privilege escalation to root (Incomplete fix for CVE-2016-6811)2018-11-28
Bugzilla
CVE-2016-6811 hadoop: privilege escalation to root [fedora-all]2018-05-04
Bugzilla
CVE-2016-6811 hadoop: privilege escalation to root2018-05-04