CVE-2014-3627
Description
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
1.616
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2014-3627 is fixed in Apache-hadoop-client 1.0.1 | Windows |
| CVE-2014-3627 is fixed in Apache-hadoop-client 2.5.2 | Windows |
| CVE-2014-3627 is fixed in Apache-hadoop-client for Linux 1.0.1 | Linux |
| CVE-2014-3627 is fixed in Apache-hadoop-client for Linux 2.5.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234