5 matches found
CVE-2018-15665
CDSW (Cloudera Data Science Workbench) is affected for versions 1.2.x through 1.4.0. The issue allows unauthenticated users to obtain a list of user accounts, constituting an information-disclosure vulnerability. The available connected sources confirm the affected product and vulnerable behavior...
CVE-2018-11215
CVE-2018-11215 concerns Cloudera Data Science Workbench (CDSW) versions 1.3.0 and earlier. The connected records consistently state a remote code execution vulnerability in CDSW, caused by unspecified attack vectors. The sources do not disclose the exact root cause, affected software components b...
CVE-2018-20091
CVEResult: Affected product is Cloudera Data Science Workbench (CDSW) versions 1.4.0–1.4.2. The issue is an SQL injection that would allow any authenticated user to execute arbitrary SQL queries against CDSW’s internal database. The internal DB stores user contact information, encrypted CDSW pass...
CVE-2017-15536
CVE-2017-15536 affects Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. The CDSW web application contains multiple vulnerabilities that allow malicious authenticated users to escalate privileges within CDSW. By chaining these weaknesses, an attacker can achieve root access to CDSW nodes, ...
CVE-2018-20090
CVE-2018-20090 affects Cloudera Data Science Workbench (CDSW) versions 1.4.0–1.4.2. The issue is an access-control flaw that allows authenticated users to bypass project permission checks and gain read/write access to any project folder. Root cause: improper enforcement of project-level permissio...