CVE-2016-3086

UNRATED

Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Affected products

Apache Software Foundation / Apache Hadoop2.6.0 to 2.6.4 – 2.6.0 to 2.6.4
Apache Software Foundation / Apache Hadoop2.7.0 to 2.7.2 – 2.7.0 to 2.7.2

References

MISChttp://www.securityfocus.com/bid/95335
MISChttp://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E