Cross site request forgery (csrf)

2017-03-0716:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.

CPENameOperatorVersion
huele3.9.0

CPE	Name	Operator	Version
	hue	le	3.9.0

References

2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf

www.securityfocus.com/bid/93880