Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-11-26
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-26
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-26
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-26
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-26
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-07-03
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-04-10