CVE-2015-1776 — Sensitive Information Exposure in Apache Hadoop

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

6.2MEDIUMNVD

EPSS

0.1%

top 79.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Hadoop

Timeline

PublishedApr 19

Latest updateMay 17

Description

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

▶NVDapache/hadoop5 versions+4

🔴Vulnerability Details

GHSA

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop↗2022-05-17

▶

OSV

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop↗2022-05-17

▶

CVEList

CVE-2015-1776: Apache Hadoop 2↗2016-04-19

▶

🕵️Threat Intelligence

Qualys

US-CERT: Top 30 Vulnerabilities | Qualys↗2015-05-01

▶

💬Community

Bugzilla

CVE-2015-1776 hadoop: disclosure of encrypted data in Hadoop MapReduce [fedora-all]↗2016-02-16

▶

Bugzilla

CVE-2015-1776 hadoop: disclosure of encrypted data in Hadoop MapReduce↗2016-02-16

▶