The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
References
Link | Resource |
---|---|
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E | Mailing List Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/95335 | VDB Entry Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-09-05 06:29
Updated : 2017-09-11 11:25
NVD link : CVE-2016-3086
Mitre link : CVE-2016-3086
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apache
- hadoop