CVE-2016-3086

Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Affected products

• Apache Software Foundation / Apache Hadoop2.6.0 to 2.6.4 – 2.6.0 to 2.6.4
• Apache Software Foundation / Apache Hadoop2.7.0 to 2.7.2 – 2.7.0 to 2.7.2

References

• MISChttp://www.securityfocus.com/bid/95335
• MISChttp://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E