CVE-2018-11766

描述

In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.

受影響套件(1)

• Maven/org.apache.hadoop:hadoop-main>= 2.7.4, < 2.7.7

CVSS 分數

參考連結(4)

• ADVISORYhttps://github.com/advisories/GHSA-rqj9-cq6j-958r
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-11766
• WEBhttps://lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c@%3Cgeneral.hadoop.apache.org%3E
• WEBhttp://www.securityfocus.com/bid/106035