漏洞描述
【漏洞对象】Hadoop YARN 【涉及版本】Hadoop YARN 【漏洞描述】 Hadoop YARN (Yet Another ResourceNegotiator,另一种资源协调者)是一种新的 Hadoop资源管理器,它是一个通用资源管理系统,可为上层应用提供统一的资源管理和调度,它的引入为集群在利用率、资源统一管理和数据共享等方面带来了巨大好处。 HadoopYARN ResourceManager存在安全漏洞,黑客在未授权的情况下可执行任意命令。
Hadoop YARN ResourceManager-远程命令执行
PoC代码
暂无相关漏洞推荐
- hadoop-yarn-rpc-rce: Hadoop Yarn RPC RCE
- POC hadoop-disclosure: Apache Hadoop Disclosure
- POC hadoop-yarn-unauth: Hadoop Yarn Unauth
- POC yarn-manager-exposure: Apache YARN ResourceManager Panel - Detect
- POC hadoop-unauth-rce: Apache Hadoop YARN ResourceManager - Remote Code Execution
- POC yarn-resourcemanager-rce: Apache Hadoop YARN ResourceManager - Remote Code Execution
- Apache Hadoop 敏感信息存储不当漏洞
- 关于NC及NC Cloud系统的IResourceManager文件上传漏洞的安全通告
- Atlassian Confluence Server PackageResourceManager信息泄露漏洞
- Apache Hadoop 弱口令漏洞
- Apache Hadoop cluster 未授权访问漏洞
- POC 用友NC ResourceManagerServlet 接口存在反序列化漏洞
- Hadoop YARN REST API 未授权访问导致远程代码执行漏洞