CVE-2021-33036

CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability

Vendor Apache Software Foundation

Product Apache Hadoop

Weakness CWE-264

Published June 15, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Key dates

Disclosure timeline

June 15, 2022 CVE published

August 3, 2024 Record updated