CVE-2017-15713

{"id": "CVE-2017-15713", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-01-19T17:29:00.210", "references": [{"url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host."}, {"lang": "es", "value": "Vulnerabilidad en Apache Hadoop 0.23.x, 2.x en versiones anteriores a la 2.7.5, 2.8.x en versiones anteriores a la 2.8.3 y 3.0.0-alpha hasta la versi\u00f3n 3.0.0-beta1 permite que un usuario del cl\u00faster exponga archivos privados en propiedad del usuario que ejecuta el proceso del servidor de historial de jobs MapReduce. El usuario malicioso puede construir un archivo de configuraci\u00f3n que contiene directivas XML que referencian archivos sensibles en el host del servidor de historial de jobs MapReduce."}], "lastModified": "2024-11-21T03:15:04.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2361D3C0-C442-4FBD-A860-F5708E991EAE", "versionEndIncluding": "0.23.11", "versionStartIncluding": "0.23.0"}, {"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47B637FE-CA00-45E7-AF2D-D55DE9C758CC", "versionEndIncluding": "2.8.2", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E53689-C56C-4104-B510-CB4116B898CB"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "591921C3-F7EA-402E-9C36-2EADF0417C72"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FA774A9-81B3-4303-B254-C802B4DC8004"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25DB127F-4293-4847-A8C4-C7F6B74762EE"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8AE3E25-0726-4039-A3A8-B53F7CF0E638"}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C33530ED-6093-4B4C-AFDB-4DB5EB5878E0"}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BCF20D-169E-4847-8880-A223467B8639"}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "336DADCF-3302-423D-BFDC-72C031AD1CAD"}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "689B619C-04C4-43C6-B103-DDAAA9C9CC9C"}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E457B6F-5F01-45C5-8568-7AF598721AEB"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}