7. Common Vulnerabilities and Exposures

  • CVE-2013-6446: Apache Hadoop job history server vulnerability

  • Severity: Major

  • Vendor: The Apache Software Foundation

  • Versions Affected: Hadoop 0.23.1 to 0.23.9, Hadoop 2.0.0 to 2.2.0

  • Users Affected: Users who have enabled Hadoop's MapReduce security features

  • Impact: Vulnerability allows an unauthorized user to retrieve job details from the job history server

  • Mitigation: Hadoop 0.23.x users should upgrade to 0.23.10; Hadoop 2.x users should upgrade to 2.3.0

  • Credit: This issue was discovered by Koji Noguchi of Yahoo