WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2014-0229 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs

Description

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

Remediation

References

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r

Related Vulnerabilities

CVE-2019-10475 Vulnerability in maven package org.jenkins-ci.plugins:build-metrics

CVE-2018-1999046 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2018-1000136 Vulnerability in maven package org.webjars.npm:electron

CVE-2020-6463 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-49447 Vulnerability in maven package com.jfinal:jfinal

Severity

High

Classification

CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory