CVE-2016-3086

Published on: 09/05/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:03 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Hadoop from Apache contain the following vulnerability:

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

  • CVE-2016-3086 has been assigned by [email protected] to track the vulnerability, currently rated as CRITICAL severity.
  • Affected Vendor/Software: Apache Software Foundation - Apache Hadoop version 2.6.0 to 2.6.4
  • Affected Vendor/Software: Apache Software Foundation - Apache Hadoop version 2.7.0 to 2.7.2

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 5 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • Description: Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: cve.report (archive), text/html, BID 95335
  • Description: [SECURITY] CVE-2016-3086: Apache Hadoop YARN NodeManager vulnerability
    Tags: Mailing List, Mitigation, Vendor Advisory
    Link: mail-archives.apache.org, text/xml, MLIST [hadoop-general] 20170110 [SECURITY] CVE-2016-3086: Apache Hadoop YARN NodeManager vulnerability

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Application Apache Hadoop 2.6.0 All All All
Application Apache Hadoop 2.6.1 All All All
Application Apache Hadoop 2.6.2 All All All
Application Apache Hadoop 2.6.3 All All All
Application Apache Hadoop 2.6.4 All All All
Application Apache Hadoop 2.7.0 All All All
Application Apache Hadoop 2.7.1 All All All
Application Apache Hadoop 2.7.2 All All All
  • cpe:2.3:a:apache:hadoop:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hadoop:2.7.2:*:*:*:*:*:*:*