Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

http://www.securityfocus.com/bid/95335

Related Vulnerabilities

CVE-2021-32736 Vulnerability in npm package think-helper

CVE-2022-45399 Vulnerability in maven package org.zeroturnaround:cluster-stats

CVE-2021-41184 Vulnerability in maven package org.webjars:jquery-ui

CVE-2023-45648 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2022-25349 Vulnerability in maven package org.webjars.npm:materialize-css

Severity

Critical

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Mitigation Vendor Advisory Third Party Advisory VDB Entry