CVE-2017-15713

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-15713
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15713.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15713
Aliases
Published
2018-01-19T17:29:00.210Z
Modified
2026-04-10T03:57:34.475629Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type
GIT
Repo
https://github.com/apache/hadoop
Events
Introduced
9f6e30b5abcbb10a37c751d71ee9bd304817db32
Last affected
03898292180fa8dd4dbb2179bc015acf4b933c60
Introduced
c40e9eb30aa4bf8f3c3eb7c139a06c665417b8c6
Last affected
66c47f2a01ad9637879e95f80c41f798373828fb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
da30cf664ccc99a54059eb6b9ffa73dc68a95ed2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7188d28fb955413e5a2210c7ae193d5aebf1e4bd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d4f5c5cf5d05398cd95a72e73bd9e790bb16f8cd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a0c3d4bf4ba81d86be9306d46bc5989ef5a09455
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
428971416ee23756e0da877390b4a8d2aa6e197a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
58263d99cdb619ab9bbede1a4eba3247da7ca555
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b924d9ef327cf697cf656db0f5e2e7bd2d5f5e6d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
da2db3aff7788a45e63cc16d1c5b94687c33c684
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
50023abb20a710a92bf2a1e38d3ad410acd26438
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a990d2ebcd6de5d7dc2d3684930759b0f0ea4dc3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1337ef4eef14fbbb214e71b68b7eb07061a4a212
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7c0489beb9fdf12e223a9e57779d3fef765a44d2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e324cf8a2a6e55e996414ff281fee757f09d8172
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1002c582d86ae8689c497c3d31b73f1ab92d5e29
Database specific 
{
    "versions": [
        {
            "introduced": "0.23.0"
        },
        {
            "last_affected": "0.23.11"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.8.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.1-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.2-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.3-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.4-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.5-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.6-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.0-beta"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.1-beta"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-beta1"
        }
    ]
}

Affected versions

2.*
2.0.5-alpha-rc2
rel/release-2.*
rel/release-2.8.2
rel/release-3.*
rel/release-3.0.0-alpha1
rel/release-3.0.0-alpha2
rel/release-3.0.0-alpha3
rel/release-3.0.0-alpha4
rel/release-3.0.0-beta1
release-0.*
release-0.23.11
release-0.23.11-rc0
release-2.*
release-2.0.0-alpha
release-2.0.0-alpha-rc1
release-2.0.1-alpha
release-2.0.2-alpha
release-2.0.2-alpha-rc2
release-2.0.3-alpha
release-2.0.3-alpha-rc0
release-2.0.4-alpha
release-2.0.4-alpha-rc2
release-2.0.5-alpha
release-2.0.5-alpha-rc2
release-2.0.6-alpha
release-2.0.6-alpha-rc1
release-2.1.0-beta
release-2.1.0-beta-rc2
release-2.1.1-beta-rc0
release-2.8.2-RC0
release-2.8.2-RC1
release-3.*
release-3.0.0-alpha1-RC0
release-3.0.0-alpha2-RC0
release-3.0.0-alpha4-RC0
release-3.0.0-beta1-RC0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15713.json"