Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

http://www.securityfocus.com/bid/95335

Related Vulnerabilities

CVE-2019-1003082 Vulnerability in maven package org.jenkins-ci.plugins:gearman-plugin

CVE-2023-50766 Vulnerability in maven package org.sonatype.nexus.ci:nexus-jenkins-plugin

CVE-2020-11620 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-45394 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin

CVE-2018-1000613 Vulnerability in maven package org.apache.servicemix.bundles:org.apache.servicemix.bundles.bcprov-jdk15on

Severity

Critical

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Mitigation Vendor Advisory Third Party Advisory VDB Entry