CVE-2015-1776

MEDIUM6.2EPSS 0.07%

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop

Published: 5/17/2022Modified: 11/8/2023

Description

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.

Affected packages (1)

Maven/org.apache.hadoop:hadoop-common>= 2.6.0, < 2.6.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.2	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1776
WEBhttp://mail-archives.apache.org/mod_mbox/hadoop-general/201602.mbox/%3CCAGCyb56CPgQMcxZ7jP87SfM5OKGx+E49DtrzCTQ6+nQf2a4nSA@mail.gmail.com%3E