In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Fixes
Solution
No solution given by the vendor.
Workaround
If you are using an affected version of Apache Hadoop and some users can escalate to the yarn user but cannot escalate to the root user, remove their permission to escalate to the yarn user.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-03T23:42:19.282Z
Reserved: 2021-05-17T00:00:00
Link: CVE-2021-33036


Status: Modified
Published: 2022-06-15T15:15:07.973
Modified: 2024-11-21T06:08:10.190
Link: CVE-2021-33036

