CVE-2017-3166
published 2017-11-13CVE-2017-3166: In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable…
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache_software_foundation | apache_hadoop | — | — |
| apache_software_foundation | apache_hadoop | — | — |
| apache_software_foundation | apache_hadoop | — | — |