CVE-2015-1776: Exposure of Sensitive Information to an Unauthorized Actor

May 17, 2022 (updated July 6, 2022)

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.

References

mail-archives.apache.org/mod_mbox/hadoop-general/201602.mbox/%3CCAGCyb56CPgQMcxZ7jP87SfM5OKGx+E49DtrzCTQ6+nQf2a4nSA@mail.gmail.com%3E
github.com/advisories/GHSA-g48f-ff5h-5f64
nvd.nist.gov/vuln/detail/CVE-2015-1776

Code Behaviors & Features

Detect and mitigate CVE-2015-1776 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →