2 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. En Cloudera Data Engineering (CDE) versión1.3.0, los tokens de autenticación JWT son expuestos para administradores en los registros del servidor del clúster virtual • https://docs.cloudera.com/data-engineering/cloud/release-notes/topics/cde-general-known-issues.html https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html https://my.cloudera.com/knowledge/TSB-2021-466-CDE-authentication-tokens-exposed-in-pod-and?id=310163 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack. Cloudera Data Engineering (CDE) versiones anteriores a 1.1, era vulnerable a un ataque de tipo CSRF • https://docs.cloudera.com/data-engineering/cloud/overview/topics/cde-service-overview.html https://my.cloudera.com/knowledge/TSB-2020-447-Cross-Site-Request-Forgery-vulnerability-in-CDE?id=304992 • CWE-352: Cross-Site Request Forgery (CSRF) •