This is an information disclosure vulnerability in Apache Hadoop prior to 2.6.4 and 2.7.x prior to 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache hadoop 2.7.0 |
||
apache hadoop |
||
apache hadoop 2.7.1 |