CVE-2017-7669

Summary

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Hadoop2.8.0affected
Apache Software FoundationApache Hadoop3.0.0-alpha1 and 3.0.0-alpha2affected

Weaknesses

  • Privilege escalation

ADP Enrichment

CVE Program Container

Additional References

References