{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T11:14:43.672","vulnerabilities":[{"cve":{"id":"CVE-2017-15713","sourceIdentifier":"security@apache.org","published":"2018-01-19T17:29:00.210","lastModified":"2024-11-21T03:15:04.077","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host."},{"lang":"es","value":"Vulnerabilidad en Apache Hadoop 0.23.x, 2.x en versiones anteriores a la 2.7.5, 2.8.x en versiones anteriores a la 2.8.3 y 3.0.0-alpha hasta la versión 3.0.0-beta1 permite que un usuario del clúster exponga archivos privados en propiedad del usuario que ejecuta el proceso del servidor de historial de jobs MapReduce. El usuario malicioso puede construir un archivo de configuración que contiene directivas XML que referencian archivos sensibles en el host del servidor de historial de jobs MapReduce."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*","versionStartIncluding":"0.23.0","versionEndIncluding":"0.23.11","matchCriteriaId":"2361D3C0-C442-4FBD-A860-F5708E991EAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.8.2","matchCriteriaId":"47B637FE-CA00-45E7-AF2D-D55DE9C758CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*","matchCriteriaId":"227941BD-D769-45AD-9D61-7FCA3C2264FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*","matchCriteriaId":"18BF490A-0865-47C0-A143-0991B40BD259"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*","matchCriteriaId":"E091799F-203D-4C52-839E-E798770C0287"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*","matchCriteriaId":"80E53689-C56C-4104-B510-CB4116B898CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*","matchCriteriaId":"591921C3-F7EA-402E-9C36-2EADF0417C72"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*","matchCriteriaId":"9FA774A9-81B3-4303-B254-C802B4DC8004"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*","matchCriteriaId":"877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*","matchCriteriaId":"25DB127F-4293-4847-A8C4-C7F6B74762EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*","matchCriteriaId":"E8AE3E25-0726-4039-A3A8-B53F7CF0E638"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"C33530ED-6093-4B4C-AFDB-4DB5EB5878E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"38BCF20D-169E-4847-8880-A223467B8639"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"336DADCF-3302-423D-BFDC-72C031AD1CAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*","matchCriteriaId":"689B619C-04C4-43C6-B103-DDAAA9C9CC9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"1E457B6F-5F01-45C5-8568-7AF598721AEB"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}