CVE-2014-0229
Improper Authentication in Apache Hadoop
6.5 MEDIUM (CVSS 3.1)
EPSS 0.46%
Description
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
How to fix CVE-2014-0229
To remediate CVE-2014-0229, upgrade the affected package to a fixed version below.
- Upgrade to 0.23.11 or later
Is CVE-2014-0229 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 0.23.0, < 0.23.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |