Improper Authentication in Apache Hadoop

GHSA-9r7g-325h-mxrm · CVE-2014-0229

Published May 17, 2022 · Modified Nov 8, 2023

Description

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-0229
WEB https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes