{"id":"CVE-2016-3086","details":"The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.","aliases":["GHSA-895m-ww55-59vw"],"modified":"2026-04-09T04:50:54.205431Z","published":"2017-09-05T13:29:00.187Z","references":[{"type":"ADVISORY","url":"http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95335"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/hadoop","events":[{"introduced":"0"},{"last_affected":"e3496499ecb8d220fba99dc5ed4c99c8f9e33bb1"},{"introduced":"0"},{"last_affected":"41d19f47405652d821bbe74b645d29f048024bfe"},{"introduced":"0"},{"last_affected":"32b9050ba5a6f06c122bc67ca151401b419ada5b"},{"introduced":"0"},{"last_affected":"cc865b490b9a6260e9611a5b8633cab885b3d247"},{"introduced":"0"},{"last_affected":"c6f203dc3966ea380f9b785eb1034f5e8cdca1ab"},{"introduced":"0"},{"last_affected":"d4c8d4d4d203c934e8074b31289a28724c0842cf"},{"introduced":"0"},{"last_affected":"ac0538aac347bfd97cc0dee1db49db503c15f1d9"},{"introduced":"0"},{"last_affected":"b165c4fe8a74265c792ce23f546c64604acf0e41"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.0"},{"introduced":"0"},{"last_affected":"2.6.1"},{"introduced":"0"},{"last_affected":"2.6.2"},{"introduced":"0"},{"last_affected":"2.6.3"},{"introduced":"0"},{"last_affected":"2.6.4"},{"introduced":"0"},{"last_affected":"2.7.0"},{"introduced":"0"},{"last_affected":"2.7.1"},{"introduced":"0"},{"last_affected":"2.7.2"}]}}],"versions":["rel/release-2.6.4","rel/release-2.7.2","release-2.6.0","release-2.6.0-rc0","release-2.6.0-rc1","release-2.6.1","release-2.6.1-RC0","release-2.6.1-RC1","release-2.6.2","release-2.6.2-RC0","release-2.6.3","release-2.6.3-RC0","release-2.6.3-RC0.1","release-2.6.3-RC1","release-2.7.0","release-2.7.1","release-2.7.1-RC0","release-2.7.2-RC0","release-2.7.2-RC1","release-2.7.2-RC2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3086.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}