CVE-2017-15713
N/A
N/A
Summary
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Hadoop | 0.23.0 to 0.23.11 | affected |
| Apache Software Foundation | Apache Hadoop | 2.0.0-alpha to 2.8.2 | affected |
| Apache Software Foundation | Apache Hadoop | 3.0.0-alpha to 3.0.0-beta1 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.