CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29994
https://notcve.org/view.php?id=CVE-2021-29994
Cloudera Hue 4.6.0 allows XSS. Cloudera Hue versión 4.6.0, permite un ataque de tipo XSS • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html https://github.com/cloudera/hue https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32481
https://notcve.org/view.php?id=CVE-2021-32481
Cloudera Hue 4.6.0 allows XSS via the type parameter. Cloudera Hue versión 4.6.0, permite un ataque de tipo XSS por medio del parámetro type • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3167
https://notcve.org/view.php?id=CVE-2021-3167
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. En Cloudera Data Engineering (CDE) versión1.3.0, los tokens de autenticación JWT son expuestos para administradores en los registros del servidor del clúster virtual • https://docs.cloudera.com/data-engineering/cloud/release-notes/topics/cde-general-known-issues.html https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html https://my.cloudera.com/knowledge/TSB-2021-466-CDE-authentication-tokens-exposed-in-pod-and?id=310163 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26936
https://notcve.org/view.php?id=CVE-2020-26936
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack. Cloudera Data Engineering (CDE) versiones anteriores a 1.1, era vulnerable a un ataque de tipo CSRF • https://docs.cloudera.com/data-engineering/cloud/overview/topics/cde-service-overview.html https://my.cloudera.com/knowledge/TSB-2020-447-Cross-Site-Request-Forgery-vulnerability-in-CDE?id=304992 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-14449
https://notcve.org/view.php?id=CVE-2019-14449
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product. Se detectó un problema en Cloudera Manager versiones 5.x anteriores a 5.16.2, versiones 6.0.x anteriores a 6.0.2 y versiones 6.1.x anteriores a 6.1.1. Las consultas impala maliciosas pueden resultar en un ataque de tipo Cross Site Scripting (XSS) cuando se visualizan dentro de este producto. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_sky_fq1_cjb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •