3 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles. Cloudera CDH versiones anteriores a 5.9, presenta Información Potencialmente Confidencial en Paquetes de Soporte de Diagnóstico. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. La configuración de ejemplo de solrconfig.xml segura provista no impone la autorización de Sentry en / update / json / docs. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-285: Improper Authorization •

CVSS: 3.5EPSS: 0%CPEs: 17EXPL: 0

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. El JobHistory Server en Cloudera CDH 4.x en versiones anteriores a 4.6.0 y 5.x en versiones anteriores a 5.0.0 Beta 2, cuando se utiliza MRv2/YARN con autenticación HTTP, permite a usuarios remotos autenticados obtener información de trabajo sensible aprovechando el fallo para aplicar ACLs de trabajo. • http://www.securityfocus.com/bid/97068 https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n • CWE-264: Permissions, Privileges, and Access Controls •