CVE-2017-15718

CRITICAL9.8EPSS 1.6%

Exposure of Sensitive Information in Hadoop

Published: 12/21/2018Modified: 11/8/2023

Description

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Affected packages (1)

Maven/org.apache.hadoop:hadoop-main>= 2.7.3, < 2.7.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://github.com/advisories/GHSA-mq8p-h798-xcrp
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-15718
WEBhttps://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6@%3Cgeneral.hadoop.apache.org%3E