Описание
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Ссылки
- Mailing ListMitigationVendor Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListMitigationVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:hadoop:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.7.2:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00428
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 9.8
debian
больше 8 лет назад
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x bef ...
CVSS3: 9.8
github
больше 3 лет назад
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
EPSS
Процентиль: 62%
0.00428
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200