Cloudera Community
jeromedruais
user rank
Explorer

Re: CVE-2022-25168

by Explorer in Support Questions
‎04-18-2023 10:35 AM
‎04-18-2023 10:35 AM
Hello @rki_ , as we stil have some clusters running with HDP 2.6.5 (HDP 2.6.5.363-1)for some months before moving to CDP, does exist workarounds to mitigate this CVE ?   Thanks in advance for your answer. ... View more

Re: Are there any effects of Spark2 by CVE-2022-33...

by Explorer in Support Questions
‎10-11-2022 07:45 AM
‎10-11-2022 07:45 AM
Hello @rki as I can't find those parameters into Ambari, is it possible to enforce disabling it spark.enable.acls = false into Ambari (Custom Spark-defaults) ? Or maybe it's not be possible to expose by Ambari at all ! Thanks in advance. ... View more

Re: Are there any effects of Spark2 by CVE-2022-33...

by Explorer in Support Questions
‎09-28-2022 07:03 AM
‎09-28-2022 07:03 AM
Hi @rki_ , unfortunately, on my kerberos cluster (HDP 2.6.5), I can't find it in Spark from Ambari. Do I need to activate them specifically  into custom Spark configs even it's disabled (false) by default ? ... View more

Re: Are there any effects of Spark2 by CVE-2022-33...

by Explorer in Support Questions
‎09-27-2022 07:52 AM
‎09-27-2022 07:52 AM
Hello @rki_ , how could we saw or configure it to disable acls ? Thanks for your answer. ... View more

Re: CVE-2022-33891

by Explorer in Support Questions
‎09-26-2022 06:57 AM
‎09-26-2022 06:57 AM
Hello @jagadeesan , @rki_  parameters you mentioned do not appear in Ambari. Does that mean our clusters are running with the default settings, exposing the clusters to the vulnerability ? Please, could you provide the way to set this parameters (which custom settings for Spark 1 and Spark 2 as well as the keys and values). Thanks in advance. ... View more

Re: CVE-2022-33891

by Explorer in Support Questions
‎09-20-2022 05:51 AM
‎09-20-2022 05:51 AM
Hello, parameters you mentioned do not appear in Ambari. Does that mean our clusters are running with the default settings, exposing the clusters to the vulnerability ? Please, could you provide the way to set this parameters (which custom settings for Spark 1 and Spark 2 as well as the keys and values). Thanks in advance. ... View more

Re: CVE-2022-33891

by Explorer in Support Questions
‎09-02-2022 08:14 AM
‎09-02-2022 08:14 AM
Thanks for this answer I haven't seen before today. Does the community should provide a fix for Spark 2 versions ? ... View more

CVE-2021-33036

by Explorer in Support Questions
‎07-26-2022 01:29 AM
‎07-26-2022 01:29 AM
Hello, I would like to know if this CVE which impacts Apache Hadoop is already resolve into HDP or CDP products ?   In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.   https://nvd.nist.gov/vuln/detail/CVE-2021-33036 Thanks in advance for your help. ... View more
Labels:

Re: CVE-2022-33891

by Explorer in Support Questions
‎07-26-2022 01:13 AM
‎07-26-2022 01:13 AM
Thanks @jagadeesan for your answer. So, will you provide fixes for any HDP or CDP version to mitigate this issue ?   ... View more

CVE-2022-33891

by Explorer in Support Questions
‎07-22-2022 08:13 AM
‎07-22-2022 08:13 AM
Hello, a new CVE appears on Apache Spark. Does it impact every versions of Spark ? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33891 Thanks in advance for your help. ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎06-15-2023 09:49 AM
Community Statistics
Member Since ‎05-25-2020 08:34 AM
Last Visited ‎06-15-2023 09:49 AM
Posts 12