Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Hadoop 后置链接漏洞
Vulnerability Description
Apache Hadoop是美国阿帕奇(Apache)软件基金会的一套开源的分布式系统基础架构,它能够对大量数据进行分布式处理,并具有高可靠性、高扩展性、高容错性等特点。 Apache Hadoop 0.23.0版本至0.23.11版本和2.5.2之前2.x版本中的YARN NodeManager守护进程中存在安全漏洞。远程攻击者可通过对tar归档实施符号链接攻击利用该漏洞更改特定文件的权限为全局可读。
CVSS Information
N/A
Vulnerability Type
N/A