CVE-2017-3166


In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.


Published

2017-11-13T14:29:00.870

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-732

Affected Vendors & Products

Type         Vendor  Product  Version/Range  Vulnerable?
Application  apache  hadoop   2.6.1          Yes
Application  apache  hadoop   2.6.2          Yes
Application  apache  hadoop   2.6.3          Yes
Application  apache  hadoop   2.6.4          Yes
Application  apache  hadoop   2.6.5          Yes
Application  apache  hadoop   2.7.0          Yes
Application  apache  hadoop   2.7.1          Yes
Application  apache  hadoop   2.7.2          Yes
Application  apache  hadoop   2.7.3          Yes
Application  apache  hadoop   3.0.0          Yes