GHSA-895m-ww55-59vw

Source

https://github.com/advisories/GHSA-895m-ww55-59vw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-895m-ww55-59vw/GHSA-895m-ww55-59vw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-895m-ww55-59vw

Aliases

CVE-2016-3086

Published

2022-05-17T01:08:00Z

Modified

2023-11-08T03:58:25.259101Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop

Details

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Database specific

{
    "nvd_published_at": "2017-09-05T13:29:00Z",
    "github_reviewed_at": "2022-07-06T19:57:06Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Maven / org.apache.hadoop:hadoop-yarn-server-nodemanager

Package

Name: org.apache.hadoop:hadoop-yarn-server-nodemanager; View open source insights on deps.dev
Purl: pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.0

Fixed

2.6.5

Affected versions

2.*

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

Database specific

{
    "last_known_affected_version_range": "<= 2.6.4"
}

Maven / org.apache.hadoop:hadoop-yarn-server-nodemanager

Package

Name: org.apache.hadoop:hadoop-yarn-server-nodemanager; View open source insights on deps.dev
Purl: pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.7.0

Fixed

2.7.3

Affected versions

2.*

2.7.0

2.7.1

2.7.2

Database specific

{
    "last_known_affected_version_range": "<= 2.7.2"
}