{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0.23.0" }, { "last_affected": "0.23.11" }, { "introduced": "2.2.0" }, { "last_affected": "2.8.2" }, { "introduced": "0" }, { "last_affected": "2.0.0-alpha" }, { "introduced": "0" }, { "last_affected": "2.0.1-alpha" }, { "introduced": "0" }, { "last_affected": "2.0.2-alpha" }, { "introduced": "0" }, { "last_affected": "2.0.3-alpha" }, { "introduced": "0" }, { "last_affected": "2.0.4-alpha" }, { "introduced": "0" }, { "last_affected": "2.0.5-alpha" }, { "introduced": "0" }, { "last_affected": "2.0.6-alpha" }, { "introduced": "0" }, { "last_affected": "2.1.0-beta" }, { "introduced": "0" }, { "last_affected": "2.1.1-beta" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha1" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha2" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha3" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha4" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta1" } ] }, "events": [ { "introduced": "9f6e30b5abcbb10a37c751d71ee9bd304817db32" }, { "last_affected": "03898292180fa8dd4dbb2179bc015acf4b933c60" }, { "introduced": "c40e9eb30aa4bf8f3c3eb7c139a06c665417b8c6" }, { "last_affected": "66c47f2a01ad9637879e95f80c41f798373828fb" }, { "introduced": "0" }, { "last_affected": "da30cf664ccc99a54059eb6b9ffa73dc68a95ed2" }, { "introduced": "0" }, { "last_affected": "7188d28fb955413e5a2210c7ae193d5aebf1e4bd" }, { "introduced": "0" }, { "last_affected": "d4f5c5cf5d05398cd95a72e73bd9e790bb16f8cd" }, { "introduced": "0" }, { "last_affected": "a0c3d4bf4ba81d86be9306d46bc5989ef5a09455" }, { "introduced": "0" }, { "last_affected": "428971416ee23756e0da877390b4a8d2aa6e197a" }, { "introduced": "0" }, { "last_affected": "58263d99cdb619ab9bbede1a4eba3247da7ca555" }, { "introduced": "0" }, { "last_affected": "b924d9ef327cf697cf656db0f5e2e7bd2d5f5e6d" }, { "introduced": "0" }, { "last_affected": "da2db3aff7788a45e63cc16d1c5b94687c33c684" }, { "introduced": "0" }, { "last_affected": "50023abb20a710a92bf2a1e38d3ad410acd26438" }, { "introduced": "0" }, { "last_affected": "a990d2ebcd6de5d7dc2d3684930759b0f0ea4dc3" }, { "introduced": "0" }, { "last_affected": "1337ef4eef14fbbb214e71b68b7eb07061a4a212" }, { "introduced": "0" }, { "last_affected": "7c0489beb9fdf12e223a9e57779d3fef765a44d2" }, { "introduced": "0" }, { "last_affected": "e324cf8a2a6e55e996414ff281fee757f09d8172" }, { "introduced": "0" }, { "last_affected": "1002c582d86ae8689c497c3d31b73f1ab92d5e29" } ], "repo": "https://github.com/apache/hadoop", "type": "GIT" } ] } ], "details": "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.", "id": "CVE-2017-15713", "modified": "2026-03-13T21:56:34.525642139Z", "published": "2018-01-19T17:29:00.210Z", "references": [ { "type": "WEB", "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }