CVE-2016-3086
CRITICAL
Apache Hadoop 2.6.0-2.6.4 and 2.7.0-2.7.2 - Unauthorized Sensitive Information Exposure via YARN NodeManager
Description
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for the credential store provider used by the NodeManager to YARN Applications.
References (2)
http://www.securityfocus.com/bid/95335 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E (Mailing List, Mitigation, Vendor Advisory; mailing-list, x_refsource_mlist)
Scores
CVSS v3: 9.8
EPSS: 0.0093
EPSS Percentile: 76.4%
Attack Vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-200
Status: published
Products (11)
apache/hadoop 2.6.0
apache/hadoop 2.6.1
apache/hadoop 2.6.2
apache/hadoop 2.6.3
apache/hadoop 2.6.4
apache/hadoop 2.7.0
apache/hadoop 2.7.1
apache/hadoop 2.7.2
Apache Software Foundation/Apache Hadoop 2.6.0 to 2.6.4
Apache Software Foundation/Apache Hadoop 2.7.0 to 2.7.2
... and 1 more
Published: Sep 05, 2017
Tracked Since: Feb 18, 2026