CVE-2017-15718
First published: Wed Jan 24 2018(Updated: )
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Hadoop | =2.7.3 | |
| Apache Hadoop | =2.7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-15718?
CVE-2017-15718 is a vulnerability in the YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 that can leak the password for the credential store provider used by the NodeManager to YARN Applications.
What is the severity of CVE-2017-15718?
CVE-2017-15718 has a severity rating of 9.8, which is considered critical.
Which software versions are affected by CVE-2017-15718?
CVE-2017-15718 affects Apache Hadoop version 2.7.3 and 2.7.4.
How can the password leak issue be fixed?
To fix the password leak issue in CVE-2017-15718, it is recommended to upgrade to a version of Apache Hadoop that is not affected by the vulnerability.
Where can I find more information about CVE-2017-15718?
More information about CVE-2017-15718 can be found at the following reference: [link](https://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6@%3Cgeneral.hadoop.apache.org%3E).
- collector/nvd-index
- agent/references
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache hadoop
- version/apache hadoop/2.7.3
- version/apache hadoop/2.7.4