CVE-2017-15718: Exposure of Sensitive Information to an Unauthorized Actor

January 24, 2018 (updated October 3, 2019)

The YARN NodeManager can leak the password for the credential store provider used by the NodeManager to YARN Applications.

References

nvd.nist.gov/vuln/detail/CVE-2017-15718

Detect and mitigate CVE-2017-15718 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →