Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

http://www.securityfocus.com/bid/95335

Related Vulnerabilities

CVE-2021-21165 Vulnerability in maven package org.webjars.npm:electron

CVE-2021-30180 Vulnerability in maven package org.apache.dubbo:dubbo

CVE-2022-45143 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2023-30531 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder

CVE-2020-2255 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent

Severity

Critical

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Mitigation Vendor Advisory Third Party Advisory VDB Entry