Medium severity6.2NVD Advisory· Published Apr 19, 2016· Updated May 6, 2026
CVE-2015-1776
CVE-2015-1776
Description
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hadoop:hadoop-commonMaven | >= 2.6.0, < 2.6.5 | 2.6.5 |
Affected products
5Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-g48f-ff5h-5f64ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-1776ghsaADVISORY
- mail-archives.apache.org/mod_mbox/hadoop-general/201602.mbox/%3CCAGCyb56CPgQMcxZ7jP87SfM5OKGx+E49DtrzCTQ6+nQf2a4nSA@mail.gmail.com%3EghsaWEB
- mail-archives.apache.org/mod_mbox/hadoop-general/201602.mbox/%3CCAGCyb56CPgQMcxZ7jP87SfM5OKGx+E49DtrzCTQ6+nQf2a4nSA%40mail.gmail.com%3Envd
- www.securityfocus.com/bid/83259nvd
News mentions
0No linked articles in our index yet.