CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15913

An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with patterns such as http://, https://, //, or javascript. The only exceptions to this rule are the SAML Login/Logout URLs, which remain supported since they are explicitly configured and they are not passed via the returnUrl parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.8%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2018-15913

Cloudera » Cloudera Manager » Version: 5.0.0

cpe:2.3:a:cloudera:cloudera_manager:5.0.0
Cloudera » Cloudera Manager » Version: 5.0.2

cpe:2.3:a:cloudera:cloudera_manager:5.0.2
Cloudera » Cloudera Manager » Version: 5.0.5

cpe:2.3:a:cloudera:cloudera_manager:5.0.5
Cloudera » Cloudera Manager » Version: 5.0.7

cpe:2.3:a:cloudera:cloudera_manager:5.0.7
Cloudera » Cloudera Manager » Version: 5.1.0

cpe:2.3:a:cloudera:cloudera_manager:5.1.0
Cloudera » Cloudera Manager » Version: 5.1.1

cpe:2.3:a:cloudera:cloudera_manager:5.1.1
Cloudera » Cloudera Manager » Version: 5.1.2

cpe:2.3:a:cloudera:cloudera_manager:5.1.2
Cloudera » Cloudera Manager » Version: 5.1.3

cpe:2.3:a:cloudera:cloudera_manager:5.1.3
Cloudera » Cloudera Manager » Version: 5.1.4

cpe:2.3:a:cloudera:cloudera_manager:5.1.4
Cloudera » Cloudera Manager » Version: 5.1.6

cpe:2.3:a:cloudera:cloudera_manager:5.1.6
Cloudera » Cloudera Manager » Version: 5.10.0

cpe:2.3:a:cloudera:cloudera_manager:5.10.0
Cloudera » Cloudera Manager » Version: 5.10.1

cpe:2.3:a:cloudera:cloudera_manager:5.10.1
Cloudera » Cloudera Manager » Version: 5.10.2

cpe:2.3:a:cloudera:cloudera_manager:5.10.2
Cloudera » Cloudera Manager » Version: 5.11.0

cpe:2.3:a:cloudera:cloudera_manager:5.11.0
Cloudera » Cloudera Manager » Version: 5.11.1

cpe:2.3:a:cloudera:cloudera_manager:5.11.1
Cloudera » Cloudera Manager » Version: 5.11.2

cpe:2.3:a:cloudera:cloudera_manager:5.11.2
Cloudera » Cloudera Manager » Version: 5.12

cpe:2.3:a:cloudera:cloudera_manager:5.12
Cloudera » Cloudera Manager » Version: 5.12.0

cpe:2.3:a:cloudera:cloudera_manager:5.12.0
Cloudera » Cloudera Manager » Version: 5.12.1

cpe:2.3:a:cloudera:cloudera_manager:5.12.1
Cloudera » Cloudera Manager » Version: 5.12.2

cpe:2.3:a:cloudera:cloudera_manager:5.12.2
Cloudera » Cloudera Manager » Version: 5.13

cpe:2.3:a:cloudera:cloudera_manager:5.13
Cloudera » Cloudera Manager » Version: 5.13.0

cpe:2.3:a:cloudera:cloudera_manager:5.13.0
Cloudera » Cloudera Manager » Version: 5.13.1

cpe:2.3:a:cloudera:cloudera_manager:5.13.1
Cloudera » Cloudera Manager » Version: 5.13.3

cpe:2.3:a:cloudera:cloudera_manager:5.13.3
Cloudera » Cloudera Manager » Version: 5.13.4

cpe:2.3:a:cloudera:cloudera_manager:5.13.4
Cloudera » Cloudera Manager » Version: 5.14.0

cpe:2.3:a:cloudera:cloudera_manager:5.14.0
Cloudera » Cloudera Manager » Version: 5.14.1

cpe:2.3:a:cloudera:cloudera_manager:5.14.1
Cloudera » Cloudera Manager » Version: 5.14.2

cpe:2.3:a:cloudera:cloudera_manager:5.14.2
Cloudera » Cloudera Manager » Version: 5.14.3

cpe:2.3:a:cloudera:cloudera_manager:5.14.3
Cloudera » Cloudera Manager » Version: 5.14.4

cpe:2.3:a:cloudera:cloudera_manager:5.14.4
Cloudera » Cloudera Manager » Version: 5.15.0

cpe:2.3:a:cloudera:cloudera_manager:5.15.0
Cloudera » Cloudera Manager » Version: 5.2.0

cpe:2.3:a:cloudera:cloudera_manager:5.2.0
Cloudera » Cloudera Manager » Version: 5.2.1

cpe:2.3:a:cloudera:cloudera_manager:5.2.1
Cloudera » Cloudera Manager » Version: 5.2.2

cpe:2.3:a:cloudera:cloudera_manager:5.2.2
Cloudera » Cloudera Manager » Version: 5.2.4

cpe:2.3:a:cloudera:cloudera_manager:5.2.4
Cloudera » Cloudera Manager » Version: 5.2.7

cpe:2.3:a:cloudera:cloudera_manager:5.2.7
Cloudera » Cloudera Manager » Version: 5.3.0

cpe:2.3:a:cloudera:cloudera_manager:5.3.0
Cloudera » Cloudera Manager » Version: 5.3.1

cpe:2.3:a:cloudera:cloudera_manager:5.3.1
Cloudera » Cloudera Manager » Version: 5.3.10

cpe:2.3:a:cloudera:cloudera_manager:5.3.10
Cloudera » Cloudera Manager » Version: 5.3.2

cpe:2.3:a:cloudera:cloudera_manager:5.3.2
Cloudera » Cloudera Manager » Version: 5.3.3

cpe:2.3:a:cloudera:cloudera_manager:5.3.3
Cloudera » Cloudera Manager » Version: 5.3.7

cpe:2.3:a:cloudera:cloudera_manager:5.3.7
Cloudera » Cloudera Manager » Version: 5.4.0

cpe:2.3:a:cloudera:cloudera_manager:5.4.0
Cloudera » Cloudera Manager » Version: 5.4.1

cpe:2.3:a:cloudera:cloudera_manager:5.4.1
Cloudera » Cloudera Manager » Version: 5.4.10

cpe:2.3:a:cloudera:cloudera_manager:5.4.10
Cloudera » Cloudera Manager » Version: 5.4.2

cpe:2.3:a:cloudera:cloudera_manager:5.4.2
Cloudera » Cloudera Manager » Version: 5.4.3

cpe:2.3:a:cloudera:cloudera_manager:5.4.3
Cloudera » Cloudera Manager » Version: 5.4.4

cpe:2.3:a:cloudera:cloudera_manager:5.4.4
Cloudera » Cloudera Manager » Version: 5.4.5

cpe:2.3:a:cloudera:cloudera_manager:5.4.5
Cloudera » Cloudera Manager » Version: 5.4.6

cpe:2.3:a:cloudera:cloudera_manager:5.4.6
Cloudera » Cloudera Manager » Version: 5.4.7

cpe:2.3:a:cloudera:cloudera_manager:5.4.7
Cloudera » Cloudera Manager » Version: 5.4.8

cpe:2.3:a:cloudera:cloudera_manager:5.4.8
Cloudera » Cloudera Manager » Version: 5.4.9

cpe:2.3:a:cloudera:cloudera_manager:5.4.9
Cloudera » Cloudera Manager » Version: 5.5.0

cpe:2.3:a:cloudera:cloudera_manager:5.5.0
Cloudera » Cloudera Manager » Version: 5.5.1

cpe:2.3:a:cloudera:cloudera_manager:5.5.1
Cloudera » Cloudera Manager » Version: 5.5.2

cpe:2.3:a:cloudera:cloudera_manager:5.5.2
Cloudera » Cloudera Manager » Version: 5.5.3

cpe:2.3:a:cloudera:cloudera_manager:5.5.3
Cloudera » Cloudera Manager » Version: 5.5.4

cpe:2.3:a:cloudera:cloudera_manager:5.5.4
Cloudera » Cloudera Manager » Version: 5.5.5

cpe:2.3:a:cloudera:cloudera_manager:5.5.5
Cloudera » Cloudera Manager » Version: 5.5.6

cpe:2.3:a:cloudera:cloudera_manager:5.5.6
Cloudera » Cloudera Manager » Version: 5.6.0

cpe:2.3:a:cloudera:cloudera_manager:5.6.0
Cloudera » Cloudera Manager » Version: 5.6.1

cpe:2.3:a:cloudera:cloudera_manager:5.6.1
Cloudera » Cloudera Manager » Version: 5.7.0

cpe:2.3:a:cloudera:cloudera_manager:5.7.0
Cloudera » Cloudera Manager » Version: 5.7.1

cpe:2.3:a:cloudera:cloudera_manager:5.7.1
Cloudera » Cloudera Manager » Version: 5.7.2

cpe:2.3:a:cloudera:cloudera_manager:5.7.2
Cloudera » Cloudera Manager » Version: 5.7.3

cpe:2.3:a:cloudera:cloudera_manager:5.7.3
Cloudera » Cloudera Manager » Version: 5.7.4

cpe:2.3:a:cloudera:cloudera_manager:5.7.4
Cloudera » Cloudera Manager » Version: 5.7.5

cpe:2.3:a:cloudera:cloudera_manager:5.7.5
Cloudera » Cloudera Manager » Version: 5.7.6

cpe:2.3:a:cloudera:cloudera_manager:5.7.6
Cloudera » Cloudera Manager » Version: 5.8.0

cpe:2.3:a:cloudera:cloudera_manager:5.8.0
Cloudera » Cloudera Manager » Version: 5.8.1

cpe:2.3:a:cloudera:cloudera_manager:5.8.1
Cloudera » Cloudera Manager » Version: 5.8.2

cpe:2.3:a:cloudera:cloudera_manager:5.8.2
Cloudera » Cloudera Manager » Version: 5.8.3

cpe:2.3:a:cloudera:cloudera_manager:5.8.3
Cloudera » Cloudera Manager » Version: 5.8.4

cpe:2.3:a:cloudera:cloudera_manager:5.8.4
Cloudera » Cloudera Manager » Version: 5.8.5

cpe:2.3:a:cloudera:cloudera_manager:5.8.5
Cloudera » Cloudera Manager » Version: 5.9.0

cpe:2.3:a:cloudera:cloudera_manager:5.9.0
Cloudera » Cloudera Manager » Version: 5.9.1

cpe:2.3:a:cloudera:cloudera_manager:5.9.1
Cloudera » Cloudera Manager » Version: 5.9.2

cpe:2.3:a:cloudera:cloudera_manager:5.9.2
Cloudera » Cloudera Manager » Version: 5.9.3

cpe:2.3:a:cloudera:cloudera_manager:5.9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15913

Products

Pricing

Contact Us