VYPR
Critical severity9.8NVD Advisory· Published Sep 5, 2017· Updated Jun 17, 2026

CVE-2016-3086

CVE-2016-3086

Description

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.hadoop:hadoop-yarn-server-nodemanagerMaven
>= 2.6.0, < 2.6.52.6.5
org.apache.hadoop:hadoop-yarn-server-nodemanagerMaven
>= 2.7.0, < 2.7.32.7.3

Affected products

10
  • Apache/Hadoop8 versions
    cpe:2.3:a:apache:hadoop:2.6.0:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:apache:hadoop:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.7.2:*:*:*:*:*:*:*
  • Apache Software Foundation/Apache Hadoopv5
    Range: 2.6.0 to 2.6.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.