
CVE-2016-9271
https://notcve.org/view.php?id=CVE-2016-9271
26 Nov 2019 — Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-7399
https://notcve.org/view.php?id=CVE-2017-7399
26 Nov 2019 — Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_tvf_34r_1cb • CWE-269: Improper Privilege Management

CVE-2019-7319
https://notcve.org/view.php?id=CVE-2019-7319
26 Nov 2019 — An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b • CWE-269: Improper Privilege Management

CVE-2018-20090
https://notcve.org/view.php?id=CVE-2018-20090
26 Nov 2019 — An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351 • CWE-276: Incorrect Default Permissions

CVE-2018-17860
https://notcve.org/view.php?id=CVE-2018-17860
26 Nov 2019 — Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb • CWE-276: Incorrect Default Permissions

CVE-2015-4457
https://notcve.org/view.php?id=CVE-2015-4457
26 Nov 2019 — Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_c1c_zbn_js • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-6495
https://notcve.org/view.php?id=CVE-2015-6495
26 Nov 2019 — There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_alalsdfkl4320_lfsk30f__l2k3jfsw34__39 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-7831
https://notcve.org/view.php?id=CVE-2015-7831
26 Nov 2019 — In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v • CWE-269: Improper Privilege Management

CVE-2016-3131
https://notcve.org/view.php?id=CVE-2016-3131
26 Nov 2019 — Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120 • CWE-863: Incorrect Authorization

CVE-2016-3192
https://notcve.org/view.php?id=CVE-2016-3192
26 Nov 2019 — Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_134 • CWE-312: Cleartext Storage of Sensitive Information