H3-2020-0023¶

Apache Hadoop YARN ResourceManager Unauthenticated Command Execution

Description¶

The default configuration of the YARN ResourceManager of Apache Hadoop allows unauthenticated users to execute arbitrary commands with the privileges of the executing Hadoop node.

Impact¶

Attackers can execute arbitrary commands on nodes in the Hadoop cluster and gain shell access to those nodes.

References¶

• Hadoop Safari - Hunting for Vulnerabilities
• YARN Application Security
• Configuring YARN Security (Cloudera)
• New DemonBot Discovered
• Metasploit: Hadoop YARN ResourceManager Unauthenticated Command Execution