Full title: Apache Hadoop 0.23.x Private File Disclosure Vulnerability 
Category: remote exploits
Platform: multiple
A vulnerability allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. Apache Hadoop versions 0.23.0 to 0.23.11, 2.0.0-alpha to 2.8.2, and 3.0.0-alpha to 3.0.0-beta1 are affected.

# 0day.today @ http://0day.today/