10 results (0.004 seconds)

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. Cloudera CDH posee Permisos No Seguros porque TODOS no se pueden revocar, lo que afecta a versiones 5.x hasta 5.15.1 y versiones 6.x hasta 6.0.1. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop • CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. En Cloudera Hue, un usuario de solo lectura puede escalar privilegios cuando se utiliza CDH versiones 5.x anteriores a 5.4.9. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v • CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. Cloudera CDH versiones anteriores a 5.6.1, permite la omisión de autorización por medio de llamadas de la API internas y directas. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120 • CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. En Cloudera CDH versiones anteriores a 5.7.1, los comandos Impala REVOKE ALL ON SERVER no revocan todos los privilegios. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles. Cloudera CDH versiones anteriores a 5.9, presenta Información Potencialmente Confidencial en Paquetes de Soporte de Diagnóstico. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •