CVE-2018-11766
First published: Tue Nov 27 2018(Updated: )
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Hadoop | >=2.7.4<=2.7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Apache Hadoop security issue?
The vulnerability ID for this Apache Hadoop security issue is CVE-2018-11766.
What is the severity of CVE-2018-11766?
The severity of CVE-2018-11766 is critical with a CVSS score of 8.8.
Which versions of Apache Hadoop are affected by CVE-2018-11766?
Apache Hadoop versions 2.7.4 to 2.7.6 are affected by CVE-2018-11766.
What is the potential impact of CVE-2018-11766?
An attacker who can escalate to the yarn user can potentially run arbitrary commands as the root user.
Are there any references for CVE-2018-11766?
Yes, you can find references for CVE-2018-11766 at the following links: [SecurityFocus](http://www.securityfocus.com/bid/106035) and [Apache Hadoop mailing list](https://lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c@%3Cgeneral.hadoop.apache.org%3E).
- collector/nvd-index
- agent/references
- agent/author
- agent/event
- agent/severity
- agent/type
- agent/description
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache hadoop
- version/apache hadoop/2.7.4
- version/apache hadoop/2.7.6