CVE-2017-7669

HIGH7.5EPSS 0.30%

Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

發布日:2022/5/17修改日:2023/11/8

描述

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3.

受影響套件(1)

Maven/org.apache.hadoop:hadoop-commonfrom 0, < 2.8.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-7669
WEBhttps://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E
WEBhttp://www.securityfocus.com/bid/98795