CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-7319
https://notcve.org/view.php?id=CVE-2019-7319
26 Nov 2019 — An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges. Se detectó un problema en Cloudera Hue versiones 6.0.0 hasta 6.1.0. Cuando se usa uno de los siguientes backends de autenticación: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBacke... • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17860
https://notcve.org/view.php?id=CVE-2018-17860
26 Nov 2019 — Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. Cloudera CDH posee Permisos No Seguros porque TODOS no se pueden revocar, lo que afecta a versiones 5.x hasta 5.15.1 y versiones 6.x hasta 6.0.1. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb • CWE-276: Incorrect Default Permissions •