Description
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E
http://www.securityfocus.com/bid/95335
Related Vulnerabilities
CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2023-29208 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2021-21695 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-33813 Vulnerability in maven package org.jdom:jdom
CVE-2023-36471 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml