CVE-2021-33036
Description
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.095
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-33036 are fixed in Apache-hadoop-yarn-server-common 2.10.2 | Windows |
| Vulnerabilities CVE-2021-33036 are fixed in Apache-hadoop-yarn-server-common 3.2.3 | Windows |
| Vulnerabilities CVE-2021-33036 are fixed in Apache-hadoop-yarn-server-common 3.3.2 | Windows |
| Vulnerabilities CVE-2021-33036 are fixed in Apache-hadoop-yarn-server-common for Linux 2.10.2 | Linux |
| Vulnerabilities CVE-2021-33036 are fixed in Apache-hadoop-yarn-server-common for Linux 3.2.3 | Linux |
| Vulnerabilities CVE-2021-33036 are fixed in Apache-hadoop-yarn-server-common for Linux 3.3.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234