#VU37620 Information disclosure in Hadoop - CVE-2017-15713

Cybersecurity Help s.r.o.

Published: 2018-01-19 | Updated: 2020-08-08

Vulnerability identifier: #VU37620

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-15713

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Hadoop
Server applications / Frameworks for developing and running applications

Vendor: Apache Foundation

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Hadoop: 2.0.0 - 3.0.0

External links
https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM watsonx.data

Multiple vulnerabilities in IBM Application Performance Management

Multiple vulnerabilities in IBM InfoSphere Information Server

Information disclosure in IBM Cloud Pak for Multicloud Management Monitoring

Multiple vulnerabilities in IBM QRadar SIEM

Multiple vulnerabilities in Hadoop