CVE-2016-3086 – org.apache.hadoop:hadoop-yarn-server-nodemanager
Package
Manager: maven
Name: org.apache.hadoop:hadoop-yarn-server-nodemanager
Vulnerable Version: >=2.6.0 <2.6.5 || >=2.7.0 <2.7.3
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00428 (percentile: 0.61656)
Details
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for the credential store provider used by the NodeManager to YARN Applications.
Metadata
Created: 2022-05-17T01:08:00Z
Modified: 2022-07-06T19:57:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-895m-ww55-59vw/GHSA-895m-ww55-59vw.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-895m-ww55-59vw
Finding: F038
Auto approve: 1