CVE-2016-3086

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-3086

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3086.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-3086

Aliases

GHSA-895m-ww55-59vw

Published

2017-09-05T13:29:00.187Z

Modified

2026-05-30T08:13:25.665995Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type

GIT

Repo

https://github.com/apache/hadoop

Events

Introduced

Last affected

e3496499ecb8d220fba99dc5ed4c99c8f9e33bb1

Last affected

41d19f47405652d821bbe74b645d29f048024bfe

Last affected

32b9050ba5a6f06c122bc67ca151401b419ada5b

Last affected

cc865b490b9a6260e9611a5b8633cab885b3d247

Last affected

c6f203dc3966ea380f9b785eb1034f5e8cdca1ab

Last affected

d4c8d4d4d203c934e8074b31289a28724c0842cf

Last affected

ac0538aac347bfd97cc0dee1db49db503c15f1d9

Last affected

b165c4fe8a74265c792ce23f546c64604acf0e41

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.0"
        },
        {
            "last_affected": "2.6.1"
        },
        {
            "last_affected": "2.6.2"
        },
        {
            "last_affected": "2.6.3"
        },
        {
            "last_affected": "2.6.4"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "last_affected": "2.7.2"
        }
    ],
    "cpe": [
        "cpe:2.3:a:apache:hadoop:2.6.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:2.6.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:2.6.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:2.6.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:2.7.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:2.7.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:hadoop:2.7.2:*:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING"
}

Affected versions

rel/release-2.*

rel/release-2.6.4

rel/release-2.7.2

release-2.*

release-2.6.0

release-2.6.0-rc0

release-2.6.0-rc1

release-2.6.1

release-2.6.1-RC0

release-2.6.1-RC1

release-2.6.2

release-2.6.2-RC0

release-2.6.3

release-2.6.3-RC0

release-2.6.3-RC0.1

release-2.6.3-RC1

release-2.7.0

release-2.7.1

release-2.7.1-RC0

release-2.7.2-RC0

release-2.7.2-RC1

release-2.7.2-RC2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3086.json"