Vulnerabilities (CVE)

Filtered by vendor Cloudera
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26936 1 Cloudera 1 Data Engineering 2020-12-01 6.8 MEDIUM 8.8 HIGH
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
CVE-2019-7319 1 Cloudera 1 Cdh 2020-08-24 6.5 MEDIUM 8.3 HIGH
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
CVE-2018-20090 1 Cloudera 1 Data Science Workbench 2019-12-12 6.5 MEDIUM 8.3 HIGH
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.
CVE-2018-17860 1 Cloudera 1 Cdh 2019-12-12 6.5 MEDIUM 7.2 HIGH
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
CVE-2015-7831 1 Cloudera 1 Cdh 2019-12-12 6.5 MEDIUM 8.8 HIGH
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
CVE-2016-4572 1 Cloudera 1 Cdh 2019-12-10 6.5 MEDIUM 8.8 HIGH
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
CVE-2016-5724 1 Cloudera 1 Cdh 2019-12-10 5.0 MEDIUM 7.5 HIGH
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
CVE-2017-7399 1 Cloudera 1 Cloudera Manager 2019-12-04 6.5 MEDIUM 8.8 HIGH
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.
CVE-2015-6495 1 Cloudera 1 Cloudera Manager 2019-12-03 5.0 MEDIUM 7.5 HIGH
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
CVE-2017-15536 1 Cloudera 1 Data Science Workbench 2019-10-03 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.
CVE-2018-11744 1 Cloudera 1 Cloudera Manager 2019-07-18 6.8 MEDIUM 8.1 HIGH
Cloudera Manager through 5.15 has Incorrect Access Control.
CVE-2017-9326 1 Cloudera 1 Cloudera Manager 2019-07-11 3.5 LOW 7.5 HIGH
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.
CVE-2017-9325 1 Cloudera 1 Cdh 2019-07-11 6.4 MEDIUM 7.5 HIGH
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
CVE-2016-6605 1 Cloudera 1 Cdh 2017-04-14 5.0 MEDIUM 7.5 HIGH
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
CVE-2016-4950 1 Cloudera 1 Manager 2017-03-09 5.0 MEDIUM 7.5 HIGH
Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions.
CVE-2016-4949 1 Cloudera 1 Manager 2017-03-09 5.0 MEDIUM 7.5 HIGH
Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.