CVE-2021-33036

Published: Jun 15, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Vendor	Product	Versions
Apache Software Foundation	Apache Hadoop	affected `2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1`

Weaknesses (CWE)

CWE-264

CWE-24

References

https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5

x_refsource_MISC

[oss-security] 20220615 CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20220722-0003/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-33036

Description

Affected Products

Weaknesses (CWE)

References