CVE-2017-15713

CVSS v3.0 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.05 % (18^th)

Affected Products 1

Advisories 2

Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2018-01-19 17:29:00
(6 years ago)
Updated Date: 2023-11-07 02:40:22
(10 months ago)

Affected Products

Apache

Hadoop

Configuration #1

	CPE23	From	Up To
Apache Hadoop from 0.23.0 version and 0.23.11 and prior versions	cpe:2.3:a:apache:hadoop	>= 0.23.0	<= 0.23.11
Apache Hadoop from 2.2.0 version and 2.8.2 and prior versions	cpe:2.3:a:apache:hadoop	>= 2.2.0	<= 2.8.2
Apache Hadoop 2.0.0 Alpha	cpe:2.3:a:apache:hadoop:2.0.0:alpha
Apache Hadoop 2.0.1 Alpha	cpe:2.3:a:apache:hadoop:2.0.1:alpha
Apache Hadoop 2.0.2 Alpha	cpe:2.3:a:apache:hadoop:2.0.2:alpha
Apache Hadoop 2.0.3 Alpha	cpe:2.3:a:apache:hadoop:2.0.3:alpha
Apache Hadoop 2.0.4 Alpha	cpe:2.3:a:apache:hadoop:2.0.4:alpha
Apache Hadoop 2.0.5 Alpha	cpe:2.3:a:apache:hadoop:2.0.5:alpha
Apache Hadoop 2.0.6 Alpha	cpe:2.3:a:apache:hadoop:2.0.6:alpha
Apache Hadoop 2.1.0 Beta	cpe:2.3:a:apache:hadoop:2.1.0:beta
Apache Hadoop 2.1.1 Beta	cpe:2.3:a:apache:hadoop:2.1.1:beta
Apache Hadoop 3.0.0 Alpha1	cpe:2.3:a:apache:hadoop:3.0.0:alpha1
Apache Hadoop 3.0.0 Alpha2	cpe:2.3:a:apache:hadoop:3.0.0:alpha2
Apache Hadoop 3.0.0 Alpha3	cpe:2.3:a:apache:hadoop:3.0.0:alpha3
Apache Hadoop 3.0.0 Alpha4	cpe:2.3:a:apache:hadoop:3.0.0:alpha4
Apache Hadoop 3.0.0 Beta1	cpe:2.3:a:apache:hadoop:3.0.0:beta1