QwikSec

Security Database

CVE

CWE

Training

CVE-2017-3166

Published: Nov 13, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.

Vendor	Product	Versions
Apache Software Foundation	Apache Hadoop	affected `2.6.1 to 2.6.5` affected `2.7.0 to 2.7.3` affected `3.0.0-alpha1 to 3.0.0-alpha3`

References

[general] 20171108 [SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability

mailing-list

x_refsource_MLIST

[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.