CVE-2021-29243
https://notcve.org/view.php?id=CVE-2021-29243
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. Cloudera Manager versiones 5.x, 6.x, 7.1.x, 7.2.x y 7.3.x, permiten un ataque de tipo XSS • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-32482
https://notcve.org/view.php?id=CVE-2021-32482
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. Cloudera Manager versiones 5.x, 6.x, 7.1.x, 7.2.x y 7.3.x, permiten un ataque de tipo XSS por medio del parámetro path • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-14449
https://notcve.org/view.php?id=CVE-2019-14449
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product. Se detectó un problema en Cloudera Manager versiones 5.x anteriores a 5.16.2, versiones 6.0.x anteriores a 6.0.2 y versiones 6.1.x anteriores a 6.1.1. Las consultas impala maliciosas pueden resultar en un ataque de tipo Cross Site Scripting (XSS) cuando se visualizan dentro de este producto. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_sky_fq1_cjb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-9271
https://notcve.org/view.php?id=CVE-2016-9271
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature. Cloudera Manager versiones 5.7.x anteriores a 5.7.6, versiones 5.8.x anteriores a 5.8.4 y versiones 5.9.x anteriores a 5.9.1, permite un ataque de tipo XSS en la funcionalidad help search. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-7399
https://notcve.org/view.php?id=CVE-2017-7399
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users. Cloudera Manager versiones 5.8.x anteriores a 5.8.5, versiones 5.9.x anteriores a 5.9.2 y versiones 5.10.x anteriores a 5.10.1, permite a un usuario de solo lectura de Cloudera Manager descubrir los nombres de usuario de otros usuarios y elevar los privilegios de esos usuarios. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_tvf_34r_1cb • CWE-269: Improper Privilege Management •