{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-05T23:23:26.244","vulnerabilities":[{"cve":{"id":"CVE-2021-33036","sourceIdentifier":"security@apache.org","published":"2022-06-15T15:15:07.973","lastModified":"2024-11-21T06:08:10.190","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher."},{"lang":"es","value":"En Apache Hadoop versiones 2.2.0 a 2.10.1, 3.0.0-alpha1 a 3.1.4, 3.2.0 a 3.2.2 y 3.3.0 a 3.3.1, un usuario que puede escalar a usuario hilo puede ejecutar posiblemente comandos arbitrarios como usuario root. Los usuarios deben actualizar a Apache Hadoop versiones 2.10.2, 3.2.3, 3.3.2 o superior"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-24"},{"lang":"en","value":"CWE-264"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.10.2","matchCriteriaId":"0C7086C6-7F7A-4D1B-8168-B8D22DEBC0B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.1","versionEndExcluding":"3.2.3","matchCriteriaId":"A815DF9F-7E9E-4AC2-BDA6-6171B01BF778"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.2","matchCriteriaId":"95BECC24-F7DC-4052-9B82-5B78005C3210"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"C33530ED-6093-4B4C-AFDB-4DB5EB5878E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"38BCF20D-169E-4847-8880-A223467B8639"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"336DADCF-3302-423D-BFDC-72C031AD1CAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*","matchCriteriaId":"689B619C-04C4-43C6-B103-DDAAA9C9CC9C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2022/06/15/2","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220722-0003/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/06/15/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220722-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}