Apache Hadoop version 2.0.0-alpha suffers from an HDFS information disclosure vulnerability. Malicious clients may gain write access to data for which they have read-only permission, or gain read access to any data blocks whose IDs they can determine.
8ea4cabe21ecd11c0e368081bd0fd9e1d9007bdbf2e8fcaaf287c6748a7721da