{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T04:58:35.190","vulnerabilities":[{"cve":{"id":"CVE-2024-23454","sourceIdentifier":"security@apache.org","published":"2024-09-25T08:15:04.317","lastModified":"2025-11-13T14:14:48.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users."},{"lang":"es","value":"RunJar.run() de Apache Hadoop no establece permisos para el directorio temporal de forma predeterminada. Si en este archivo se encuentran datos confidenciales, todos los demás usuarios locales podrán ver el contenido. Esto se debe a que, en sistemas tipo Unix, el directorio temporal del sistema se comparte entre todos los usuarios locales. Por lo tanto, los archivos escritos en este directorio, sin establecer explícitamente los permisos posix correctos, pueden ser visibles para todos los demás usuarios locales."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-378"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.0","matchCriteriaId":"B563F47C-E267-44FF-B9D5-0E262602149E"}]}]}],"references":[{"url":"https://issues.apache.org/jira/browse/HADOOP-19031","source":"security@apache.org","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/09/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20241101-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}