Home > Vulnerability Database > CVE-2024-23454

Mend.io Vulnerability Database

CVE-2024-23454

Good to know:

Date: September 25, 2024

Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.

Severity Score

4.0

Related Resources (8)

Url: https://github.com/apache/hadoop/commit/8c2836402fbb2f619f1fef4ef625a8542e853a64

Url: https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs

Url: https://issues.apache.org/jira/browse/HADOOP-19031

Url: http://www.openwall.com/lists/oss-security/2024/09/25/1

Url: https://security.netapp.com/advisory/ntap-20241101-0002/

Url: https://github.com/apache/hadoop

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23454

Url: https://www.mend.io/vulnerability-database/CVE-2024-23454

Severity Score

4.0

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version org.apache.hadoop:hadoop-common:3.4.0

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23454

Good to know:

Date: September 25, 2024

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?