Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown
CVE-2017-3166
Disclosure Date: November 13, 2017 (last updated November 08, 2023)
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
0
Attacker Value
Unknown
CVE-2016-3086
Disclosure Date: September 05, 2017 (last updated November 26, 2024)
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
0
Attacker Value
Unknown
CVE-2016-5393
Disclosure Date: November 29, 2016 (last updated November 25, 2024)
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
0
Attacker Value
Unknown
CVE-2015-1776
Disclosure Date: April 19, 2016 (last updated November 08, 2023)
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.
0