CVE-2017-7669

HIGH7.5EPSS 0.30%

Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

Published: 5/17/2022Modified: 11/8/2023

Description

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3.

Affected packages (1)

Maven/org.apache.hadoop:hadoop-commonfrom 0, < 2.8.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-7669
WEBhttps://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E
WEBhttp://www.securityfocus.com/bid/98795