Description
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E
http://www.securityfocus.com/bid/95335
Related Vulnerabilities
CVE-2022-31191 Vulnerability in maven package org.dspace:dspace-jspui
CVE-2023-37942 Vulnerability in maven package org.jenkins-ci.plugins:external-monitor-job
CVE-2022-25916 Vulnerability in npm package mt7688-wiscan
CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace
CVE-2022-28731 Vulnerability in maven package org.apache.jspwiki:jspwiki-main