Vulnerability in Apache Hadoop 0.23.x, 2.x prior to 2.7.5, 2.8.x prior to 2.8.3, and 3.0.0-alpha up to and including 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache hadoop 2.0.4 |
||
apache hadoop 2.0.3 |
||
apache hadoop 2.0.6 |
||
apache hadoop 2.1.0 |
||
apache hadoop 2.0.5 |
||
apache hadoop 2.1.1 |
||
apache hadoop 2.0.0 |
||
apache hadoop 3.0.0 |
||
apache hadoop 2.0.2 |
||
apache hadoop 2.0.1 |
||
apache hadoop |