CVE-2024-23454

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-23454
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23454.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23454
Aliases
Downstream
Related
Published
2024-09-25T08:15:04.317Z
Modified
2026-04-10T05:09:30.337327Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type
GIT
Repo
https://github.com/apache/hadoop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bd8b77f398f626bb7791783192ee7a5dfaeec760
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.0"
        }
    ]
}

Affected versions

release-3.*
release-3.4.0-RC0
release-3.4.0-RC1
release-3.4.0-RC2
Other
remove-ozone

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23454.json"