CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-15536

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2017-15536

Cloudera » Data Science Workbench » Version: 1.0.0

cpe:2.3:a:cloudera:data_science_workbench:1.0.0
Cloudera » Data Science Workbench » Version: 1.0.1

cpe:2.3:a:cloudera:data_science_workbench:1.0.1
Cloudera » Data Science Workbench » Version: 1.1.0

cpe:2.3:a:cloudera:data_science_workbench:1.1.0
Cloudera » Data Science Workbench » Version: 1.1.1

cpe:2.3:a:cloudera:data_science_workbench:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-15536

Products

Pricing

Contact Us