CVE-2016-3086

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
apachehadoop
2.6.0
apachehadoop
2.6.1
apachehadoop
2.6.2
apachehadoop
2.6.3
apachehadoop
2.6.4
apachehadoop
2.7.0
apachehadoop
2.7.1
apachehadoop
2.7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E
http://www.securityfocus.com/bid/95335
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E
http://www.securityfocus.com/bid/95335