CVE-2016-3086 Vulnerability in maven package org.apache.hadoop:hadoop-common

Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

http://www.securityfocus.com/bid/95335

Related Vulnerabilities

CVE-2019-10090 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2022-22138 Vulnerability in npm package fast-string-search

CVE-2021-37942 Vulnerability in maven package co.elastic.apm:elastic-apm-agent

CVE-2022-22912 Vulnerability in npm package plist

CVE-2021-1628 Vulnerability in maven package org.mule.runtime:mule

Severity

Critical

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H