CVE-2021-33036
HIGH
Apache Hadoop <2.10.2, <3.2.3, <3.3.2 - Privilege Escalation
Title source: llm
Description
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
References (3)
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/06/15/2
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220722-0003/
Scores
CVSS v3
8.8
EPSS
0.0323
EPSS Percentile
86.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
CWE-264
CWE-24
Status
published
Products (3)
apache/hadoop
3.0.0 alpha1 (4 CPE variants)
apache/hadoop
2.2.0 - 2.10.2
org.apache.hadoop/hadoop-yarn-server-common
2.2.0 - 2.10.2 (Maven)
Published
Jun 15, 2022
Tracked Since
Feb 18, 2026