Search for vulnerabilities
Vulnerability details: VCID-awsq-a54z-a7am
Vulnerability ID VCID-awsq-a54z-a7am
Aliases CVE-2012-2945
GHSA-v5c9-98f7-2h54
Summary Hadoop symlink vulnerability Hadoop 1.0.3 contains a symlink vulnerability as a result of storing pid files in the shared `/tmp` directory by default.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-377 Insecure Temporary File
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2945.json
epss 0.01713 https://api.first.org/data/v1/epss?cve=CVE-2012-2945
epss 0.01713 https://api.first.org/data/v1/epss?cve=CVE-2012-2945
cvssv3.1 7.5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535861
generic_textual HIGH https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535861
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-v5c9-98f7-2h54
cvssv3.1 7.5 https://github.com/apache/hadoop
generic_textual HIGH https://github.com/apache/hadoop
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2012-2945
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2012-2945
cvssv3.1 7.5 https://seclists.org/fulldisclosure/2012/Jul/3
generic_textual HIGH https://seclists.org/fulldisclosure/2012/Jul/3
cvssv3.1 7.5 https://security-tracker.debian.org/tracker/CVE-2012-2945
generic_textual HIGH https://security-tracker.debian.org/tracker/CVE-2012-2945
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2945.json
https://api.first.org/data/v1/epss?cve=CVE-2012-2945
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535861
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/hadoop
https://nvd.nist.gov/vuln/detail/CVE-2012-2945
https://seclists.org/fulldisclosure/2012/Jul/3
https://security-tracker.debian.org/tracker/CVE-2012-2945
1775204 https://bugzilla.redhat.com/show_bug.cgi?id=1775204
GHSA-v5c9-98f7-2h54 https://github.com/advisories/GHSA-v5c9-98f7-2h54
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2945.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535861
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/hadoop
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-2945
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://seclists.org/fulldisclosure/2012/Jul/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security-tracker.debian.org/tracker/CVE-2012-2945
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.81505
EPSS Score 0.01713
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:22:58.836285+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-v5c9-98f7-2h54/GHSA-v5c9-98f7-2h54.json 36.1.3