vulnerability

Apache Hadoop YARN ResourceManager REST API Arbitrary Command Execution

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Oct 19, 2016
Added
Nov 17, 2020
Modified
Feb 18, 2025

Description

Access to Apache Hadoop YARN's ResourceManager REST API could lead to arbitrary command execution. By default, Hadoop HTTP web-consoles (ResourceManager, NameNode, NodeManagers, and DataNodes) allow access without any form of authentication.

Solution

http-hadoop-yarn-resourcemanager
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.