CVE-2017-15713
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
Vulnerabilidad en Apache Hadoop 0.23.x, 2.x en versiones anteriores a la 2.7.5, 2.8.x en versiones anteriores a la 2.8.3 y 3.0.0-alpha hasta la versión 3.0.0-beta1 permite que un usuario del clúster exponga archivos privados en propiedad del usuario que ejecuta el proceso del servidor de historial de jobs MapReduce. El usuario malicioso puede construir un archivo de configuración que contiene directivas XML que referencian archivos sensibles en el host del servidor de historial de jobs MapReduce.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-10-21 CVE Reserved
- 2018-01-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | >= 0.23.0 <= 0.23.11 Search vendor "Apache" for product "Hadoop" and version " >= 0.23.0 <= 0.23.11" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | >= 2.2.0 <= 2.8.2 Search vendor "Apache" for product "Hadoop" and version " >= 2.2.0 <= 2.8.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.0.0 Search vendor "Apache" for product "Hadoop" and version "2.0.0" | alpha |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.0.1 Search vendor "Apache" for product "Hadoop" and version "2.0.1" | alpha |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.0.2 Search vendor "Apache" for product "Hadoop" and version "2.0.2" | alpha |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.0.3 Search vendor "Apache" for product "Hadoop" and version "2.0.3" | alpha |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.0.4 Search vendor "Apache" for product "Hadoop" and version "2.0.4" | alpha |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.0.5 Search vendor "Apache" for product "Hadoop" and version "2.0.5" | alpha |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.0.6 Search vendor "Apache" for product "Hadoop" and version "2.0.6" | alpha |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.1.0 Search vendor "Apache" for product "Hadoop" and version "2.1.0" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 2.1.1 Search vendor "Apache" for product "Hadoop" and version "2.1.1" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 3.0.0 Search vendor "Apache" for product "Hadoop" and version "3.0.0" | alpha1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 3.0.0 Search vendor "Apache" for product "Hadoop" and version "3.0.0" | alpha2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 3.0.0 Search vendor "Apache" for product "Hadoop" and version "3.0.0" | alpha3 |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 3.0.0 Search vendor "Apache" for product "Hadoop" and version "3.0.0" | alpha4 |
Affected
| ||||||
| Apache Search vendor "Apache" | Hadoop Search vendor "Apache" for product "Hadoop" | 3.0.0 Search vendor "Apache" for product "Hadoop" and version "3.0.0" | beta1 |
Affected
| ||||||