Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-895m-ww55-59vw

GitHub Security Advisory

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Affected Packages

Maven org.apache.hadoop:hadoop-yarn-server-nodemanager
Affected versions: 2.6.0 (fixed in 2.6.5)
Maven org.apache.hadoop:hadoop-yarn-server-nodemanager
Affected versions: 2.7.0 (fixed in 2.7.3)

Related CVEs

CVE-2016-3086

Key Information

GHSA ID
GHSA-895m-ww55-59vw
Published
May 17, 2022 1:08 AM
Last Modified
July 6, 2022 7:57 PM
CVSS Score
9.0 /10
Primary Ecosystem
Maven
Primary Package
org.apache.hadoop:hadoop-yarn-server-nodemanager
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.