CVE-2017-15718 – org.apache.hadoop:hadoop-main

Package

Manager: maven
Name: org.apache.hadoop:hadoop-main
Vulnerable Version: >=2.7.3 <2.7.5

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01336 pctl0.79225

Details

Exposure of Sensitive Information in Hadoop The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Metadata

Created: 2018-12-21T17:50:20Z
Modified: 2022-09-14T22:26:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-mq8p-h798-xcrp/GHSA-mq8p-h798-xcrp.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-mq8p-h798-xcrp
Finding: F038
Auto approve: 1