
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.
• https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html
• CWE-255: Credentials Management Errors

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Secret data of processes managed by CM is not secured by file permissions.
• https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html
• CWE-275: Permission Issues

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
• https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts.
• https://www.cloudera.com
• https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with patterns such as http://, https://, //, or javascript.
• https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html
• https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')