Lucene search

MitreCVE-2015-2263

HistoryMar 23, 2017 - 8:59 p.m.

CVE-2015-2263

2017-03-2320:59:00

CWE-264

mitre

web.nvd.nist.gov

cloudera manager

vulnerability

global read permissions

yarn nodemanager

nvd

cve-2015-2263

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.

Affected configurations

Nvd

Node

clouderacloudera_managerMatch4.0.0

clouderacloudera_managerMatch4.0.1

clouderacloudera_managerMatch4.0.2

clouderacloudera_managerMatch4.0.3

clouderacloudera_managerMatch4.0.4

clouderacloudera_managerMatch4.1.0

clouderacloudera_managerMatch4.1.1

clouderacloudera_managerMatch4.1.2

clouderacloudera_managerMatch4.1.3

clouderacloudera_managerMatch4.1.4

clouderacloudera_managerMatch4.5.0

clouderacloudera_managerMatch4.5.1

clouderacloudera_managerMatch4.5.2

clouderacloudera_managerMatch4.5.3

clouderacloudera_managerMatch4.5.4

clouderacloudera_managerMatch4.6.0

clouderacloudera_managerMatch4.6.1

clouderacloudera_managerMatch4.6.2

clouderacloudera_managerMatch4.6.3

clouderacloudera_managerMatch4.7.0

clouderacloudera_managerMatch4.7.1

clouderacloudera_managerMatch4.7.2

clouderacloudera_managerMatch4.7.3

clouderacloudera_managerMatch5.0.0

clouderacloudera_managerMatch5.0.0beta1

clouderacloudera_managerMatch5.0.0beta2

clouderacloudera_managerMatch5.0.1

clouderacloudera_managerMatch5.0.2

clouderacloudera_managerMatch5.0.5

clouderacloudera_managerMatch5.1.0

clouderacloudera_managerMatch5.1.1

clouderacloudera_managerMatch5.1.2

clouderacloudera_managerMatch5.1.3

clouderacloudera_managerMatch5.1.4

clouderacloudera_managerMatch5.2.0

clouderacloudera_managerMatch5.2.1

clouderacloudera_managerMatch5.2.2

clouderacloudera_managerMatch5.2.4

clouderacloudera_managerMatch5.3.0

clouderacloudera_managerMatch5.3.1

clouderacloudera_managerMatch5.3.2

VendorProductVersionCPE
clouderacloudera_manager4.0.0cpe:2.3:a:cloudera:cloudera_manager:4.0.0:*:*:*:*:*:*:*
clouderacloudera_manager4.0.1cpe:2.3:a:cloudera:cloudera_manager:4.0.1:*:*:*:*:*:*:*
clouderacloudera_manager4.0.2cpe:2.3:a:cloudera:cloudera_manager:4.0.2:*:*:*:*:*:*:*
clouderacloudera_manager4.0.3cpe:2.3:a:cloudera:cloudera_manager:4.0.3:*:*:*:*:*:*:*
clouderacloudera_manager4.0.4cpe:2.3:a:cloudera:cloudera_manager:4.0.4:*:*:*:*:*:*:*
clouderacloudera_manager4.1.0cpe:2.3:a:cloudera:cloudera_manager:4.1.0:*:*:*:*:*:*:*
clouderacloudera_manager4.1.1cpe:2.3:a:cloudera:cloudera_manager:4.1.1:*:*:*:*:*:*:*
clouderacloudera_manager4.1.2cpe:2.3:a:cloudera:cloudera_manager:4.1.2:*:*:*:*:*:*:*
clouderacloudera_manager4.1.3cpe:2.3:a:cloudera:cloudera_manager:4.1.3:*:*:*:*:*:*:*
clouderacloudera_manager4.1.4cpe:2.3:a:cloudera:cloudera_manager:4.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudera	cloudera_manager	4.0.0	cpe:2.3:a:cloudera:cloudera_manager:4.0.0:::::::*
cloudera	cloudera_manager	4.0.1	cpe:2.3:a:cloudera:cloudera_manager:4.0.1:::::::*
cloudera	cloudera_manager	4.0.2	cpe:2.3:a:cloudera:cloudera_manager:4.0.2:::::::*
cloudera	cloudera_manager	4.0.3	cpe:2.3:a:cloudera:cloudera_manager:4.0.3:::::::*
cloudera	cloudera_manager	4.0.4	cpe:2.3:a:cloudera:cloudera_manager:4.0.4:::::::*
cloudera	cloudera_manager	4.1.0	cpe:2.3:a:cloudera:cloudera_manager:4.1.0:::::::*
cloudera	cloudera_manager	4.1.1	cpe:2.3:a:cloudera:cloudera_manager:4.1.1:::::::*
cloudera	cloudera_manager	4.1.2	cpe:2.3:a:cloudera:cloudera_manager:4.1.2:::::::*
cloudera	cloudera_manager	4.1.3	cpe:2.3:a:cloudera:cloudera_manager:4.1.3:::::::*
cloudera	cloudera_manager	4.1.4	cpe:2.3:a:cloudera:cloudera_manager:4.1.4:::::::*

Rows per page:

1-10 of 411

References

www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-2263