CVE-2014-0229

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
clouderacdh
5.0.0
clouderacdh
5.0.0:beta
clouderacdh
5.0.0:beta2
apachehadoop
0.23.0
apachehadoop
0.23.1
apachehadoop
0.23.3
apachehadoop
0.23.4
apachehadoop
0.23.5
apachehadoop
0.23.6
apachehadoop
0.23.7
apachehadoop
0.23.8
apachehadoop
0.23.9
apachehadoop
0.23.10
apachehadoop
2.0.0:alpha
apachehadoop
2.0.1:alpha
apachehadoop
2.0.2:alpha
apachehadoop
2.0.3:alpha
apachehadoop
2.0.4:alpha
apachehadoop
2.0.5:alpha
apachehadoop
2.0.6:alpha
apachehadoop
2.1.0:beta
apachehadoop
2.1.1:beta
apachehadoop
2.2.0
apachehadoop
2.3.0
apachehadoop
2.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r