Cloudera: >> Cloudera Manager >> 4.1.0 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-26
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-26
Cloudera Manager through 5.15 has Incorrect Access Control.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-07-11
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-06-07
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-05-24
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.
CVSS Score
3.3
EPSS Score
0.0
Published
2017-03-23
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-06-10