Cdh Security Vulnerabilities and Issues — Cdh CVE List

Lucene search

ClouderaCdh

8 matches found

CVE•added 2019/07/03 5:15 p.m.•50 views

CVE-2017-9325

The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.

7.5CVSS7.5AI score0.00195EPSS

CVE•added 2019/11/26 4:15 p.m.•39 views

CVE-2019-7319

An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.

8.3CVSS8.3AI score0.0059EPSS

CVE•added 2019/11/26 2:15 p.m.•37 views

CVE-2016-3131

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

6.5CVSS6.5AI score0.00146EPSS

CVE•added 2019/11/26 3:15 p.m.•36 views

CVE-2018-17860

Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.

7.2CVSS7AI score0.00282EPSS

CVE•added 2019/11/26 2:15 p.m.•35 views

CVE-2016-6353

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.

6.5CVSS6.5AI score0.00176EPSS

CVE•added 2019/11/26 2:15 p.m.•30 views

CVE-2015-7831

In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.

8.8CVSS8.8AI score0.00345EPSS

CVE•added 2019/11/26 2:15 p.m.•30 views

CVE-2016-5724

Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.

7.5CVSS7.5AI score0.00399EPSS

CVE•added 2019/11/26 2:15 p.m.•25 views

CVE-2016-4572

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.

8.8CVSS8.7AI score0.00345EPSS