Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

http://www.securityfocus.com/bid/95335

Related Vulnerabilities

CVE-2022-31191 Vulnerability in maven package org.dspace:dspace-jspui

CVE-2023-37942 Vulnerability in maven package org.jenkins-ci.plugins:external-monitor-job

CVE-2022-25916 Vulnerability in npm package mt7688-wiscan

CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace

CVE-2022-28731 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

Severity

Critical

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Mitigation Vendor Advisory Third Party Advisory VDB Entry