Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2017-15713
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
| Software | From | Fixed in |
|---|---|---|
| apache / hadoop | 2.0.4-alpha | 2.0.4-alpha.x |
| apache / hadoop | 2.0.3-alpha | 2.0.3-alpha.x |
| apache / hadoop | 2.0.6-alpha | 2.0.6-alpha.x |
| apache / hadoop | 2.1.0-beta | 2.1.0-beta.x |
| apache / hadoop | 2.0.5-alpha | 2.0.5-alpha.x |
| apache / hadoop | 2.1.1-beta | 2.1.1-beta.x |
| apache / hadoop | 2.0.0-alpha | 2.0.0-alpha.x |
| apache / hadoop | 3.0.0-alpha1 | 3.0.0-alpha1.x |
| apache / hadoop | 3.0.0-alpha2 | 3.0.0-alpha2.x |
| apache / hadoop | 2.0.2-alpha | 2.0.2-alpha.x |
| apache / hadoop | 2.0.1-alpha | 2.0.1-alpha.x |
| apache / hadoop | 0.23.0 | 0.23.11.x |
| apache / hadoop | 3.0.0-alpha3 | 3.0.0-alpha3.x |
| apache / hadoop | 3.0.0-alpha4 | 3.0.0-alpha4.x |
| apache / hadoop | 3.0.0-beta1 | 3.0.0-beta1.x |
| apache / hadoop | 2.2.0 | 2.8.2.x |
org.apache.hadoop / hadoop-main
|
- | 2.7.5 |
|
org.apache.hadoop / hadoop-main
|
2.8.0 | 2.8.3 |