CVE-2018-8029
published 2019-05-30CVE-2018-8029: In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | 2.2.0 – 2.8.4 | — |
| apache | hadoop | 3.0.1 – 3.1.0 | — |