In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Fixes

Solution

No solution given by the vendor.


Workaround

If you are using the affected version of Apache Hadoop and some users can escalate to yarn user and cannot escalate to root user, remove the permission to escalate to yarn user from them.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T23:42:19.282Z

Reserved: 2021-05-17T00:00:00

Link: CVE-2021-33036

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-15T15:15:07.973

Modified: 2024-11-21T06:08:10.190

Link: CVE-2021-33036

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-06-15T00:00:00Z

Links: CVE-2021-33036 - Bugzilla

cve-icon OpenCVE Enrichment

No data.