Cloudera: Security Vulnerabilities
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2019-11-26
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-11-26
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-11-26
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-11-26
Cloudera Manager through 5.15 has Incorrect Access Control.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2019-07-11
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-07-03
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-07-03
Secret data of processes managed by CM is not secured by file permissions.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-07-03
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
CVSS Score: 9.8 | EPSS Score: 0.031 | Published: 2019-07-03
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2019-06-21

