CVE-2016-3086 Vulnerability in maven package org.apache.hadoop:hadoop-common

Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

http://www.securityfocus.com/bid/95335

Related Vulnerabilities

CVE-2022-40635 Vulnerability in maven package org.craftercms:craftercms

CVE-2021-25913 Vulnerability in npm package set-or-get

CVE-2021-34081 Vulnerability in npm package gitsome

CVE-2022-37734 Vulnerability in maven package com.graphql-java:graphql-java

CVE-2021-3536 Vulnerability in maven package org.wildfly:wildfly-parent

Severity

Critical

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H