
CVE-2016-4572
https://notcve.org/view.php?id=CVE-2016-4572
26 Nov 2019 — In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb • CWE-863: Incorrect Authorization

CVE-2016-5724
https://notcve.org/view.php?id=CVE-2016-5724
26 Nov 2019 — Cloudera CDH before 5.9 has potentially sensitive information in diagnostic support bundles. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-6353
https://notcve.org/view.php?id=CVE-2016-6353
26 Nov 2019 — Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr queries by document ID can bypass Sentry document-level security via the RealTimeGetHandler. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165 • CWE-863: Incorrect Authorization

CVE-2018-11744
https://notcve.org/view.php?id=CVE-2018-11744
11 Jul 2019 — Cloudera Manager through 5.15 has incorrect access control. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-284: Improper Access Control

CVE-2017-9325
https://notcve.org/view.php?id=CVE-2017-9325
03 Jul 2019 — The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-285: Improper Authorization

CVE-2017-9326
https://notcve.org/view.php?id=CVE-2017-9326
03 Jul 2019 — The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-255: Credentials Management Errors

CVE-2017-9327
https://notcve.org/view.php?id=CVE-2017-9327
03 Jul 2019 — Secret data of processes managed by CM is not secured by file permissions. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-275: Permission Issues

CVE-2018-11215
https://notcve.org/view.php?id=CVE-2018-11215
03 Jul 2019 — Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-15665
https://notcve.org/view.php?id=CVE-2018-15665
21 Jun 2019 — An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. • https://www.cloudera.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-15913
https://notcve.org/view.php?id=CVE-2018-15913
20 Jun 2019 — An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with pa... • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')