Description
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E
http://www.securityfocus.com/bid/95335
Related Vulnerabilities
CVE-2022-23945 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2021-22696 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-oauth2
CVE-2023-47325 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2023-5245 Vulnerability in maven package ml.combust.bundle:bundle-ml_2.12
CVE-2023-37909 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui