CVE-2024-23454— Apache Hadoop: Temporary File Local Information Disclosure
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-23454
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Hadoop: Temporary File Local Information Disclosure
Source: NVD (National Vulnerability Database)
Vulnerability Description
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
创建拥有不安全权限的临时文件
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Hadoop 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Hadoop是美国阿帕奇(Apache)基金会的一套开源的分布式系统基础架构。该产品能够对大量数据进行分布式处理,并具有高可靠性、高扩展性、高容错性等特点。 Apache Hadoop存在安全漏洞,该漏洞源于RunJar.run默认不设置临时目录的权限。如果此文件中存在敏感数据,则所有其他本地用户都可能能够查看内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Hadoop | 0 ~ 3.4.0 | - |
II. Public POCs for CVE-2024-23454
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-23454
请登录查看更多情报信息。
- https://issues.apache.org/jira/browse/HADOOP-19031issue-tracking
- https://nvd.nist.gov/vuln/detail/CVE-2024-23454
IV. Related Vulnerabilities
Same product: Apache Hadoop
- CVE-2023-26031
Privilege escalation in Apache Hadoop Yarn container-executo - CVE-2021-25642
Apache Hadoop YARN remote code execution in ZKConfigurationS - CVE-2022-25168
Command injection in org.apache.hadoop.fs.FileUtil.unTarUsin - CVE-2021-33036
Apache Hadoop Privilege escalation vulnerability - CVE-2021-37404
Heap buffer overflow in libhdfs native library
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-378
- CVE-2026-33572
OpenClaw < 2026.2.17 - Insufficient File Permissions in Sess - CVE-2026-4822
Enter Software Iperius Backup Backup Service temp file - CVE-2025-46685
Dell SupportAssist OS Recovery 安全漏洞 - CVE-2025-46684
Dell SupportAssist OS Recovery 安全漏洞 - CVE-2025-34352
JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delet
V. Comments for CVE-2024-23454
No comments yet