Vulnerabilities > CVE-2017-9326 - Credentials Management vulnerability in Cloudera Manager 5.11.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

cloudera

CWE-255

NVD

Published: 2019-07-03

Updated: 2019-07-11

Summary

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.

Vulnerable Configurations

Part	Description	Count
Application	Cloudera Cloudera Cloudera Manager 5.11.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html