GHSA-mq8p-h798-xcrp

Source

https://github.com/advisories/GHSA-mq8p-h798-xcrp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-mq8p-h798-xcrp/GHSA-mq8p-h798-xcrp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mq8p-h798-xcrp

Aliases

CVE-2017-15718

Published

2018-12-21T17:50:20Z

Modified

2023-11-08T03:58:58.669059Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Exposure of Sensitive Information in Hadoop

Details

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:47:00Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Maven / org.apache.hadoop:hadoop-main

Package

Name: org.apache.hadoop:hadoop-main; View open source insights on deps.dev
Purl: pkg:maven/org.apache.hadoop/hadoop-main

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.7.3

Fixed

2.7.5

Affected versions

2.*

2.7.3

2.7.4

Database specific

{
    "last_known_affected_version_range": "<= 2.7.4"
}