CVE-2014-0229 Information

Description

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

6.5

Base Severity

MEDIUM
