High severity7.5NVD Advisory· Published Jun 5, 2017· Updated May 13, 2026

CVE-2017-7669

Description

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.hadoop:hadoop-commonMaven	< 2.8.1	2.8.1
org.apache.hadoop:hadoop-commonMaven	>= 3.0.0-alpha1, < 3.0.0-alpha3	3.0.0-alpha3

Affected products

Apache/Hadoop3 versions
cpe:2.3:a:apache:hadoop:2.8.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:apache:hadoop:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*
Apache Software Foundation/Apache Hadoopv5
Range: 2.8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/98795nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-h24p-qwf4-84q8ghsaADVISORY
mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3EnvdMailing ListVendor AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2017-7669ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000