2 results (0.012 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. La ejecución remota de código es posible en Cloudera Data Science Workbench versión 1.3.0 y versiones anteriores mediante vectores de ataque no especificados. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables. Se ha descubierto un problema en Cloudera Data Science Workbench (CDSW) en versiones 1.x anteriores a la 1.2.0. Varias vulnerabilidades de aplicación web permiten que usuarios autenticados maliciosos de CDSW escalen sus privilegios en la aplicación. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_248 • CWE-269: Improper Privilege Management •