CVE-2017-7669
Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.30%
Description
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3.
How to fix CVE-2017-7669
To remediate CVE-2017-7669, upgrade the affected package to a fixed version below.
- Upgrade to 2.8.1 or later
Is CVE-2017-7669 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.8.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |