Vulnerability Details CVE-2017-7669
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 75.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 8.5
References
- http://www.securityfocus.com/bid/98795
- https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E
- http://www.securityfocus.com/bid/98795
- https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E