CVE-2018-5798
https://notcve.org/view.php?id=CVE-2018-5798
This CVE relates to an unspecified cross-site scripting vulnerability in Cloudera Manager. • https://www.cloudera.com https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10815
https://notcve.org/view.php?id=CVE-2018-10815
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. • https://www.cloudera.com https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2263
https://notcve.org/view.php?id=CVE-2015-2263
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. • https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3 • CWE-264: Permissions, Privileges, and Access Controls