CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability
First published: Wed Jun 15 2022(Updated: )
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Hadoop | >=2.2.0<2.10.2 | |
| Apache Hadoop | >=3.0.1<3.2.3 | |
| Apache Hadoop | >=3.3.0<3.3.2 | |
| Apache Hadoop | =3.0.0-alpha1 | |
| Apache Hadoop | =3.0.0-alpha2 | |
| Apache Hadoop | =3.0.0-alpha3 | |
| Apache Hadoop | =3.0.0-alpha4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Apache Hadoop vulnerability?
The vulnerability ID for this Apache Hadoop vulnerability is CVE-2021-33036.
What is the severity of CVE-2021-33036?
The severity of CVE-2021-33036 is critical with a score of 8.8.
Which versions of Apache Hadoop are affected by CVE-2021-33036?
Apache Hadoop versions 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1 are affected by CVE-2021-33036.
How can a user exploit CVE-2021-33036?
A user who can escalate to yarn user can possibly run arbitrary commands as root user.
How can the Apache Hadoop vulnerability CVE-2021-33036 be mitigated?
Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/title
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/apache
- canonical/apache hadoop
- version/apache hadoop/2.2.0
- version/apache hadoop/3.0.1
- version/apache hadoop/3.3.0
- version/apache hadoop/3.0.0-alpha1
- version/apache hadoop/3.0.0-alpha2
- version/apache hadoop/3.0.0-alpha3
- version/apache hadoop/3.0.0-alpha4