Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:93017
HistoryApr 24, 2017 - 12:00 a.m.

Cloudera Manager =< 5.5 Enumerating user sessions with an unprivileged account (CVE-2016-4950)

2017-04-2400:00:00
Root
www.seebug.org
15

EPSS

0.003

Percentile

69.0%

JSON

Cloudera Manager =< 5.5 is vulnerable to an access control issue allowing an unprivileged account to enumerate current active user sessions with the following GET request:

http://&lt;cloudera_manager_IP&gt;:7180/api/v11/users/sessions

It is worth mentioning that a user using the API won’t appear in the β€œcurrently connected” user list.
The Cloudera CERT indicated that this vulnerability is fixed in version 5.8.

Moreover, Cloudera Manager =< 5.5 is vulnerable to an access control issue allowing an unprivileged user to enumerate registered users and their role with the following GET request:

http://&lt;cloudera_manager_IP&gt;:7180/api/v1/users

Related

nvd 1
cve 1
cvelist 1
prion 1
ibm 1
openvas 1
nvd
nvd
CVE-2016-4950
2017-03-07 16:59:00
cve
cve
CVE-2016-4950
2017-03-07 16:59:00
cvelist
cvelist
CVE-2016-4950
2017-03-07 16:00:00
prion
prion
Design/Logic Flaw
2017-03-07 16:59:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities
2018-07-06 15:43:26
openvas
openvas
Cloudera Manager Multiple Vulnerabilities
2017-03-09 00:00:00

EPSS

0.003

Percentile

69.0%

JSON
Related for SSV:93017
nvd1cve1cvelist1prion1ibm1openvas1