CVE-2017-15713

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-15713
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15713.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15713
Aliases
Published
2018-01-19T17:29:00Z
Modified
2024-09-02T23:49:01Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.

References