CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11215
https://notcve.org/view.php?id=CVE-2018-11215
03 Jul 2019 — Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. La ejecución remota de código es posible en Cloudera Data Science Workbench versión 1.3.0 y versiones anteriores mediante vectores de ataque no especificados. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15665
https://notcve.org/view.php?id=CVE-2018-15665
21 Jun 2019 — An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. Se detectó un problema en Cloudera Data Science Workbench (CDSW) versión 1.2.x hasta 1.4.0. Los usuarios no autenticados pueden conseguir una lista de cuentas de usuario. • https://www.cloudera.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15536
https://notcve.org/view.php?id=CVE-2017-15536
05 Feb 2018 — An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment va... • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_248 • CWE-269: Improper Privilege Management •