CVE-2018-8029: Privilege escalation vulnerability in Apache Hadoop

CVSS Score: 8.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.81767%
Published: 5/31/2019
Updated: 1/9/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.hadoop:hadoop-main | maven | >= 2.2.0, < 2.8.4 | 2.8.4 |
| org.apache.hadoop:hadoop-main | maven | >= 2.9.0, < 2.9.2 | 2.9.2 |
| org.apache.hadoop:hadoop-main | maven | >= 3.0.0, < 3.1.1 | 3.1.1 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability centers around improper authorization in YARN container execution. Analysis of Hadoop's architecture reveals that:

  1. LinuxContainerExecutor.startContainer() is the primary method for launching containers with user privileges
  2. The vulnerability description explicitly mentions privilege escalation from yarn to root
  3. Historical Hadoop vulnerabilities (CVE-2016-3086) show similar patterns in container execution paths
  4. The CWE-285 classification indicates missing authorization checks in security-sensitive operations

While exact patch details are unavailable, these functions are central to container privilege management and match the vulnerability's behavioral profile.

WAF Protection Rules

WAF Rule

In Apache Hadoop versions *.*.*-alpha* to *.*.*, *.*.* to *.*.*, and *.*.* to *.*.*, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
