Vulnerabilities > CVE-2017-9326 - Credentials Management vulnerability in Cloudera Manager 5.11.0

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

cloudera

CWE-255

NVD

Published: 2019-07-03

Updated: 2019-07-11

Summary

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.

Vulnerable Configurations

Part	Description	Count
Application	Cloudera Cloudera Cloudera Manager 5.11.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html