CVE-2018-15913

An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be autom...

CVE-2018-5798

This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.

CVE-2017-9327

Secret data of processes managed by CM is not secured by file permissions.

CVE-2012-2230

Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-...

CVE-2018-10815

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.

CVE-2021-29243

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.

CVE-2016-3192

Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.

CVE-2021-32482

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.