CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-5798
https://notcve.org/view.php?id=CVE-2018-5798
07 Jun 2019 — This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. Este CVE se relaciona con una vulnerabilidad de cross site scripting no especificada en Cloudera Manager. • https://www.cloudera.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10815
https://notcve.org/view.php?id=CVE-2018-10815
24 May 2019 — An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. Se detectó un problema en Cloudera Manager versión anterior a 5.13.4, versión 5.14.x anterior a 5.14.4 y versión 5.15.x anterior a 5.15.1. Un usuario de solo lectura puede acceder a información confidencial del clúster. • https://www.cloudera.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-4078
https://notcve.org/view.php?id=CVE-2015-4078
23 Mar 2017 — Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). Cloudera Navigator 2.2.x en versiones anteriores a 2.2.4 y 2.3.x en versiones anteriores a 2.3.3 incluyen soporte para SSLv3 cuando está configurado para utilizar SSL/TLS, lo que hace más fácil a atacantes man-in-the-middle obtener datos en tex... • https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_o1q_wrm_js • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 41EXPL: 0CVE-2015-2263
https://notcve.org/view.php?id=CVE-2015-2263
23 Mar 2017 — Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. Cloudera Manager 4.x, 5.0.x en versiones anteriores a 5.0.6, 5.1.x en versiones anteriores a 5.1.5, 5.2.x en versiones anteriores a 5.2.5... • https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8733
https://notcve.org/view.php?id=CVE-2014-8733
10 Feb 2015 — Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password. Cloudera Manager 5.2.0, 5.2.1, y 5.3.0 almacena la contraseña del enlace LDAP en texto plano en ficheros de lectura universal no especificados bajo /etc/hadoop, lo que permite a usuarios locales obtener esta contraseña. • http://www.cloudera.com/content/cloudera/en/documentation/security-bulletins/Security-Bulletin/csb_topic_2.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •