10 matches found
EUVD-2015-4104
Malware in sbrugna...
EUVD-2018-17947
Malware in sbrugna...
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
Cloudera Navigator Key Trustee KMS Encryption Issue Vulnerability
Cloudera Navigator Key Trustee KMS is a customized secret key management server from Cloudera. A security vulnerability exists in Cloudera Navigator Key Trustee KMS versions 5.12 and 5.13. An attacker can exploit the vulnerability to recover previously deleted but not cleaned keys or delete the...
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
Design/Logic Flaw
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
CVE-2018-6185
CVE-2018-6185 concerns Cloudera Navigator Key Trustee KMS (versions 5.12 and 5.13). The root cause is an incorrect default ACL configuration for the two additional APIs (PURGE and UNDELETE) that govern encryption-zone keys; the ACLs default to “*”, permitting remote access to these commands. This...
Cloudera Navigator Security Bypass Vulnerability
Cloudera Navigator is a suite of data management tools for Hadoop platform integration from Cloudera, USA. The tool provides features such as auditing data access and validating access rights, searching metadata, and visualization. A security bypass vulnerability exists in Cloudera Navigator. An...
Code injection
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...