CVE-2017-3166

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-3166
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3166.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-3166
Aliases
Published
2017-11-13T14:29:00Z
Modified
2024-09-03T01:52:24.524516Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Affected versions

Other

YARN-2928-2016-07-10

rel/release-2.*

rel/release-2.7.2
rel/release-2.7.3

rel/release-3.*

rel/release-3.0.0-alpha1

release-2.*

release-2.6.1
release-2.6.1-RC0
release-2.6.1-RC1
release-2.6.2
release-2.6.2-RC0
release-2.7.0
release-2.7.1
release-2.7.1-RC0
release-2.7.2-RC0
release-2.7.2-RC1
release-2.7.2-RC2
release-2.7.3-RC0
release-2.7.3-RC1
release-2.7.3-RC2

release-3.*

release-3.0.0-alpha1-RC0