CVE-2017-15713 : Security Advisory and Response

Apache Hadoop versions 0.23.x, 2.x, 2.8.x, and 3.0.0-alpha through 3.0.0-beta1 are affected by a vulnerability that allows unauthorized users to access confidential files. This CVE was published on January 19, 2018.

Understanding CVE-2017-15713

A weakness in Apache Hadoop versions exposes private files to unauthorized users, potentially compromising sensitive data.

What is CVE-2017-15713?

The vulnerability in Apache Hadoop versions allows a user within a cluster to reveal confidential files owned by the user responsible for the MapReduce job history server process.

The Impact of CVE-2017-15713

Unauthorized users can access privileged files on the host running the MapReduce job history server by creating a custom configuration file containing XML commands.

Technical Details of CVE-2017-15713

Apache Hadoop vulnerability details and affected systems.

Vulnerability Description

The vulnerability enables unauthorized users to access confidential files by manipulating XML commands in a custom configuration file.

Affected Systems and Versions

Apache Hadoop versions 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1.

Exploitation Mechanism

Unauthorized users can reference and access privileged files on the host running the MapReduce job history server by creating a custom configuration file with XML commands.

Mitigation and Prevention

Steps to mitigate and prevent the CVE-2017-15713 vulnerability.

Immediate Steps to Take

Apply vendor patches and updates promptly to address the vulnerability.
Restrict access to the MapReduce job history server to authorized users only.

Long-Term Security Practices

Regularly monitor and audit access to sensitive files and directories within the Apache Hadoop cluster.
Implement strong authentication mechanisms and access controls to prevent unauthorized access.

Patching and Updates

Update Apache Hadoop to versions that have addressed the vulnerability to ensure system security.