CVE-2017-15718
published 2018-01-24CVE-2017-15718: The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
ITW
Exploited in the wild
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache_software_foundation | apache_hadoop | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL