CVE-2017-7669

Source
https://cve.org/CVERecord?id=CVE-2017-7669
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7669.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7669
Aliases
Published
2017-06-05T01:29:00.537Z
Modified
2026-07-08T16:53:42.493394Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type
GIT
Repo
https://github.com/apache/hadoop
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:hadoop:2.8.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "2.8.0"
        },
        {
            "last_affected": "2.8.0"
        },
        {
            "introduced": "3.0.0-alpha1"
        },
        {
            "last_affected": "3.0.0-alpha1"
        },
        {
            "introduced": "3.0.0-alpha2"
        },
        {
            "last_affected": "3.0.0-alpha2"
        }
    ]
}

Affected versions

2.*
2.8.0
3.*
3.0.0-alpha1
3.0.0-alpha2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7669.json"