CVE-2016-9271
https://notcve.org/view.php?id=CVE-2016-9271
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature. Cloudera Manager versiones 5.7.x anteriores a 5.7.6, versiones 5.8.x anteriores a 5.8.4 y versiones 5.9.x anteriores a 5.9.1, permite un ataque de tipo XSS en la funcionalidad help search. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-7399
https://notcve.org/view.php?id=CVE-2017-7399
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users. Cloudera Manager versiones 5.8.x anteriores a 5.8.5, versiones 5.9.x anteriores a 5.9.2 y versiones 5.10.x anteriores a 5.10.1, permite a un usuario de solo lectura de Cloudera Manager descubrir los nombres de usuario de otros usuarios y elevar los privilegios de esos usuarios. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_tvf_34r_1cb • CWE-269: Improper Privilege Management •
CVE-2019-7319
https://notcve.org/view.php?id=CVE-2019-7319
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges. Se detectó un problema en Cloudera Hue versiones 6.0.0 hasta 6.1.0. Cuando se usa uno de los siguientes backends de autenticación: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend u OAuthBackend, los usuarios externos son creados con privilegios de superusuario. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue • CWE-269: Improper Privilege Management •
CVE-2018-20090
https://notcve.org/view.php?id=CVE-2018-20090
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. Se detectó un problema en Cloudera Data Science Workbench (CDSW) versiones 1.4.0 hasta 1.4.2. Los usuarios autenticados pueden omitir las comprobaciones de permisos del proyecto y conseguir acceso de lectura y escritura a cualquier carpeta del proyecto. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351 • CWE-276: Incorrect Default Permissions •
CVE-2018-17860
https://notcve.org/view.php?id=CVE-2018-17860
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. Cloudera CDH posee Permisos No Seguros porque TODOS no se pueden revocar, lo que afecta a versiones 5.x hasta 5.15.1 y versiones 6.x hasta 6.0.1. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop • CWE-276: Incorrect Default Permissions •