CVE-2016-6811
HIGHApache Hadoop 2.2.0-2.7.3 - Privilege Escalation to Root via YARN User
Title source: llmDescription
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
References (1)
Core 1
Core References
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/9ba3c12bbdfd5b2cae60909e48f92608e00c8d99196390b8cfeca307%40%3Cgeneral.hadoop.apache.org%3E
Scores
CVSS v3
8.8
EPSS
0.0054
EPSS Percentile
67.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (2)
apache/hadoop
2.2.0 - 2.7.3
org.apache.hadoop/hadoop-common
2.0.0-alpha - 2.7.4Maven
Published
Apr 11, 2017
Tracked Since
Feb 18, 2026