Vulnerabilities > Apache > Hadoop > 2.0.2

DATE CVE VULNERABILITY TITLE RISK
2017-03-23 CVE-2014-0229 Permissions, Privileges, and Access Controls vulnerability in multiple products
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
network
low complexity
cloudera apache CWE-264
6.5
6.5