Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

http://www.securityfocus.com/bid/95335

Related Vulnerabilities

CVE-2023-30515 Vulnerability in maven package io.jenkins.plugins:thycotic-devops-secrets-vault

CVE-2023-5571 Vulnerability in npm package @vrite/sdk

CVE-2020-2207 Vulnerability in maven package org.jenkins-ci.plugins:vncviewer

CVE-2016-7103 Vulnerability in maven package org.fujion.webjars:jquery-ui

CVE-2023-35158 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-skin-resources

Severity

Critical

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Mitigation Vendor Advisory Third Party Advisory VDB Entry