Apache · Apache Hadoop · CVE-2016-5001
**Name of the Vulnerable Software and Affected Versions**
Apache Hadoop versions prior to 2.6.4
Apache Hadoop versions 2.7.x prior to 2.7.2
**Description**
This issue allows a local user on an HDFS DataNode to potentially gain unauthorized read access to random files. The vulnerability is in the short-circuit reads feature of HDFS: a user may craft a block token by guessing certain fields, and the crafted token grants access to files they should not be able to read.
**Recommendations**
For Apache Hadoop versions prior to 2.6.4, update to version 2.6.4 or later.
For Apache Hadoop versions 2.7.x prior to 2.7.2, update to version 2.7.2 or later.