cvedb.io
CVE-2017-3166
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2017-11-13T14:29:00.870 · Last modified 2026-06-17T01:17:39.483

Summary

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.

Affected products

apache — hadoop

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.