CGA-cwr2-q95m-c7q6

Published

Last updated

https://images.chainguard.dev/security/CGA-cwr2-q95m-c7q6

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2017-7669
GHSA-h24p-qwf4-84q8

Severity

Unknown

Summary

Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

Description

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3.

References

https://nvd.nist.gov/vuln/detail/CVE-2017-7669
https://github.com/advisories/GHSA-h24p-qwf4-84q8
https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E
http://www.securityfocus.com/bid/98795

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-cwr2-q95m-c7q6

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources