Design/Logic Flaw

2018-02-0503:29:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.

CPENameOperatorVersion
data_science_workbenchge1.0.0
data_science_workbenchlt1.2.0

CPE	Name	Operator	Version
	data_science_workbench	ge	1.0.0
	data_science_workbench	lt	1.2.0

References

www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html