CVE-2017-3166
CVE-2017-3166 is a vulnerability of currently unknown severity. In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Apache | Hadoop | 2.6.1 | — |
| Apache | Hadoop | 2.6.2 | — |
| Apache | Hadoop | 2.6.3 | — |
| Apache | Hadoop | 2.6.4 | — |
| Apache | Hadoop | 2.6.5 | — |
| Apache | Hadoop | 2.7.0 | — |
| Apache | Hadoop | 2.7.1 | — |
| Apache | Hadoop | 2.7.2 | — |
| Apache | Hadoop | 2.7.3 | — |
| Apache | Hadoop | 3.0.0 | Alpha1 |
Source: NVD / NIST
