Sql injection

2019-06-0716:29:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.7%

JSON

An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW’s internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.

CPENameOperatorVersion
data_science_workbenchge1.4.0
data_science_workbenchle1.4.2

CPE	Name	Operator	Version
	data_science_workbench	ge	1.4.0
	data_science_workbench	le	1.4.2

References

www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html

www.cloudera.com/products/data-science-and-engineering/data-science-workbench.html