Vulnerability Description
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Hadoop | >= 2.2.0, < 2.10.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/06/15/2 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5 (Mailing List, Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20220722-0003/ (Third Party Advisory)
FAQ
What is CVE-2021-33036?
CVE-2021-33036 is a vulnerability with a CVSS score of 8.8 (HIGH). In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade...
How severe is CVE-2021-33036?
CVE-2021-33036 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-33036?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Hadoop.