Lucene search
+L

11 matches found

CVE
CVE
added 2017/03/23 8:0 p.m.72 views

CVE-2014-0229

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1 (and Cloudera CDH 5.0.x before 5.0.2) fail to check authorization for HDFS admin commands refreshNamenodes, deleteBlockPool, and shutdownDatanode. This allows remote authenticated users to cause DataNodes to shut down or perform unnecessary...

6.5CVSS6.4AI score0.01591EPSS
CVE
CVE
added 2019/07/03 4:23 p.m.63 views

CVE-2017-9325

Technical details about CVE-2017-9325 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7.5AI score0.00834EPSS
CVE
CVE
added 2019/11/26 1:58 p.m.53 views

CVE-2015-7831

CVE-2015-7831 affects Cloudera Hue with privilege escalation for a read-only user when CDH 5.x before 5.4.9 is used. The NVD entry documents the vulnerability with CVSS 2.0/3.1 scores (base 6.5 and 8.8, respectively) and an attack path described as network-based with low attack complexity and no ...

8.8CVSS8.8AI score0.01078EPSS
CVE
CVE
added 2019/11/26 3:22 p.m.53 views

CVE-2019-7319

CVE-2019-7319 affects Cloudera Hue 6.0.0–6.1.0. When using authentication backends LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users can be created with superuser privileges. This indicates a potential privilege-esc...

8.3CVSS8.3AI score0.01023EPSS
CVE
CVE
added 2019/11/26 1:57 p.m.52 views

CVE-2016-3131

The CVE-2016-3131 entry concerns Cloudera CDH before 5.6.1, where an authorization bypass is possible via direct internal API calls. Affected software is Cloudera CDH (pre-5.6.1); the root cause is bypass of access control through internal API calls. Documented impact includes potential to elevat...

6.5CVSS6.5AI score0.00667EPSS
CVE
CVE
added 2019/11/26 2:11 p.m.50 views

CVE-2018-17860

Technical details about CVE-2018-17860 are not publicly available in the provided connected documents. The initial description only notes insecure permissions in Cloudera CDH across certain versions. Monitor for updates.

7.2CVSS7AI score0.00952EPSS
CVE
CVE
added 2019/11/26 1:48 p.m.49 views

CVE-2016-6353

CVE-2016-6353 affects Cloudera CDH’s Cloudera Search component. The vulnerability arises in Solr Queries by document ID that can bypass Sentry document-level security via the RealTimeGetHandler, permitting unauthorized access to documents. Affected software is Cloudera CDH with Cloudera Search (p...

6.5CVSS6.5AI score0.00751EPSS
CVE
CVE
added 2019/11/26 1:49 p.m.46 views

CVE-2016-5724

CVE-2016-5724 affects Cloudera CDH prior to 5.9. The vulnerability is an information disclosure risk in the Diagnostic Support Bundles, allowing a remote attacker to obtain potentially sensitive information from those bundles. The issue is described consistently across connected sources as a flaw...

7.5CVSS7.5AI score0.01234EPSS
CVE
CVE
added 2017/03/23 8:0 p.m.39 views

CVE-2013-6446

The CVE concerns the JobHistory Server in Cloudera CDH 4.x prior to 4.6.0 and CDH 5.x prior to 5.0.0 Beta 2. When MRv2/YARN is used with HTTP authentication, remote authenticated users can obtain sensitive job information due to failure to enforce job ACLs. The description does not specify affect...

3.5CVSS3.7AI score0.00875EPSS
CVE
CVE
added 2019/11/26 1:51 p.m.38 views

CVE-2016-4572

CVE-2016-4572 affects Cloudera CDH versions prior to 5.7.1, where Impala REVOKE ALL ON SERVER commands fail to revoke all privileges. The risk is that some privileges may remain active for affected roles/services. The connected Red Hat and CNVD entries corroborate the same description. No explici...

8.8CVSS8.7AI score0.00861EPSS
CVE
CVE
added 2017/04/10 2:0 p.m.38 views

CVE-2016-6605

CVE-2016-6605 affects Cloudera CDH's Impala: versions 5.2.0 through 5.7.2 and 5.8.0 are vulnerable. The root cause is a Setry (likely Sentry) authorization bypass in Impala, enabling remote attackers to bypass access controls. Public documentation in connected sources confirms the affected produc...

7.5CVSS7.5AI score0.0136EPSS