CVE-2017-3166 is a vulnerability in Apache Hadoop
Published on November 13, 2017
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
Products Associated with CVE-2017-3166
Want to know whenever a new CVE is published for Apache Hadoop? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Hadoop:- Version 2.6.1 to 2.6.5 is affected.
- Version 2.7.0 to 2.7.3 is affected.
- Version 3.0.0-alpha1 to 3.0.0-alpha3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.