CVE-2018-20090
https://notcve.org/view.php?id=CVE-2018-20090
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. Se detectó un problema en Cloudera Data Science Workbench (CDSW) versiones 1.4.0 hasta 1.4.2. Los usuarios autenticados pueden omitir las comprobaciones de permisos del proyecto y conseguir acceso de lectura y escritura a cualquier carpeta del proyecto. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351 • CWE-276: Incorrect Default Permissions •
CVE-2018-11215
https://notcve.org/view.php?id=CVE-2018-11215
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. La ejecución remota de código es posible en Cloudera Data Science Workbench versión 1.3.0 y versiones anteriores mediante vectores de ataque no especificados. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-15665
https://notcve.org/view.php?id=CVE-2018-15665
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. Se detectó un problema en Cloudera Data Science Workbench (CDSW) versión 1.2.x hasta 1.4.0. Los usuarios no autenticados pueden conseguir una lista de cuentas de usuario. • https://www.cloudera.com https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-20091
https://notcve.org/view.php?id=CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs. Se encontró una vulnerabilidad de inyección SQL en Cloudera Data Science Workbench (CDSW) versión 1.4.0 hasta la versión 1.4.2. Esto permitiría a cualquier usuario autenticado ejecutar consultas arbitrarias en la base de datos interna de CDSW. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html https://www.cloudera.com/products/data-science-and-engineering/data-science-workbench.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-15536
https://notcve.org/view.php?id=CVE-2017-15536
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables. Se ha descubierto un problema en Cloudera Data Science Workbench (CDSW) en versiones 1.x anteriores a la 1.2.0. Varias vulnerabilidades de aplicación web permiten que usuarios autenticados maliciosos de CDSW escalen sus privilegios en la aplicación. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_248 • CWE-269: Improper Privilege Management •