Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

http://www.securityfocus.com/bid/95335

Related Vulnerabilities

CVE-2020-1947 Vulnerability in maven package org.apache.shardingsphere:shardingsphere

CVE-2023-37909 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui

CVE-2023-37277 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war

CVE-2023-26488 Vulnerability in npm package @openzeppelin/contracts

CVE-2015-2156 Vulnerability in maven package io.netty:netty

Severity

Critical

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Mitigation Vendor Advisory Third Party Advisory VDB Entry