← back
CVE-2016-3086

CVE-2016-3086

EPSS 3.6%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 3.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Sep 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Affected products
Apache Software Foundation · Apache Hadoop

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3Ehttp://www.securityfocus.com/bid/95335