CVE-2017-15713

Published: Jan 19, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.

Vendor	Product	Versions
Apache Software Foundation	Apache Hadoop	affected `0.23.0 to 0.23.11` affected `2.0.0-alpha to 2.8.2` affected `3.0.0-alpha to 3.0.0-beta1`

References

[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15713

Description

Affected Products

References