CVE-2021-33036

User account escalation in Apache Hadoop in maven/org.apache.hadoop/hadoop-yarn-server-common

Identifiers

GHSA-58jx-f5rf-qgqf, CVE-2021-33036

Package Slug

maven/org.apache.hadoop/hadoop-yarn-server-common

Vulnerability

User account escalation in Apache Hadoop

Description

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Affected Versions

All versions starting from 2.2.0 before 2.10.2, all versions starting from 3.0.0 before 3.2.3, all versions starting from 3.3.0 before 3.3.2

Solution

Upgrade to versions 2.10.2, 3.2.3, 3.3.2 or above.

Last Modified

2022-06-19
