CVE-2015-1776

MEDIUM

Apache Hadoop < 2.6.5 - Information Disclosure

Title source: rule

Description

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.

References (2)

[Various Sources] http://mail-archives.apache.org/mod_mbox/hadoop-general/201602.mbox/%3CCAGCyb56CPgQMcxZ7jP87SfM5OKGx+E49DtrzCTQ6+nQf2a4nSA%40mail.gmail.com%3E

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/83259

Scores

CVSS v3 6.2

EPSS 0.0006

EPSS Percentile 20.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (6)

apache/hadoop

org.apache.hadoop/hadoop-common < 2.6.5Maven

Timeline

Published Apr 19, 2016

Tracked Since Feb 18, 2026