5. Common Vulnerabilities and Exposures

  • CVE-2014-0229: Several HDFS admin commands lack proper privilege checks

  • CVE-2013-6446: Apache Hadoop job history server vulnerability

    Severity: Major

    Vendor: The Apache Software Foundation

    Versions Affected: Hadoop 0.23.1 to 0.23.9, Hadoop 2.0.0 to 2.2.0

    Users Affected: Users who have enabled Hadoop's MapReduce security features

    Impact: Vulnerability allows an unauthorized user to retrieve job details from the job history server

    Mitigation: Hadoop 0.23.x users should upgrade to 0.23.10; Hadoop 2.x users should upgrade to 2.3.0

    Credit: This issue was discovered by Koji Noguchi of Yahoo

