CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-7319
https://notcve.org/view.php?id=CVE-2019-7319
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges. Se detectó un problema en Cloudera Hue versiones 6.0.0 hasta 6.1.0. Cuando se usa uno de los siguientes backends de autenticación: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend u OAuthBackend, los usuarios externos son creados con privilegios de superusuario. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17860
https://notcve.org/view.php?id=CVE-2018-17860
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. Cloudera CDH posee Permisos No Seguros porque TODOS no se pueden revocar, lo que afecta a versiones 5.x hasta 5.15.1 y versiones 6.x hasta 6.0.1. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop • CWE-276: Incorrect Default Permissions •