Vulnerabilities > Apache > Hadoop > 3.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-07 | CVE-2018-1296 | Information Exposure vulnerability in Apache Hadoop In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. | 7.5 |
| 2018-11-13 | CVE-2018-8009 | Path Traversal vulnerability in Apache Hadoop Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. | 8.8 |
| 2018-01-19 | CVE-2017-15713 | Information Exposure vulnerability in Apache Hadoop Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. | 6.5 |
| 2017-11-13 | CVE-2017-3166 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Hadoop In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. | 7.8 |
| 2017-06-05 | CVE-2017-7669 | Improper Input Validation vulnerability in Apache Hadoop 2.8.0/3.0.0 In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. | 7.5 |