Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-11-26
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-26
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-26
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-26
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-26
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-07-03