High severityNVD Advisory· Published Nov 27, 2018· Updated Aug 5, 2024
CVE-2018-11766
CVE-2018-11766
Description
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hadoop:hadoop-mainMaven | >= 2.7.4, < 2.7.7 | 2.7.7 |
Affected products
2- Apache Software Foundation/Apache Hadoopv5Range: Apache Hadoop 2.7.4 to 2.7.6
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-rqj9-cq6j-958rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-11766ghsaADVISORY
- www.securityfocus.com/bid/106035ghsavdb-entryx_refsource_BIDWEB
- lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c%40%3Cgeneral.hadoop.apache.org%3Emitrex_refsource_MISC
- lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c@%3Cgeneral.hadoop.apache.org%3EghsaWEB
News mentions
0No linked articles in our index yet.