Apache Hadoop

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:apache_hadoop:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductApache Hadoop (0eb9f55d-b174-52c3-8627-66a0a8306316)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-9492 vulnerable 2026-06-08 05:28:02.070621 Details available
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
Published: 2021-01-26T12:55:29.000Z
Updated: 2024-08-04T10:26:16.405Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-8029 vulnerable 2026-06-08 05:12:05.022812 Details available
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Published: 2019-05-30T15:15:42.000Z
Updated: 2024-08-05T06:46:12.161Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-11768 vulnerable 2026-06-08 05:10:38.936199 Details available
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.
Published: 2019-10-04T13:56:56.000Z
Updated: 2024-08-05T08:17:09.225Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-11767 vulnerable 2026-06-08 05:10:38.935566 Details available
In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.
Published: 2019-03-18T13:41:17.000Z
Updated: 2024-08-05T08:17:08.999Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-11765 vulnerable 2026-06-08 05:10:38.931666 Details available
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Published: 2020-09-30T17:02:20.000Z
Updated: 2024-08-05T08:17:09.112Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-11764 vulnerable 2026-06-08 05:10:38.929212 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5393 vulnerable 2026-06-08 05:07:56.917648 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.