Vulnerabilities > Cloudera

DATE CVE VULNERABILITY TITLE RISK
2020-11-26 CVE-2020-26936 Cross-Site Request Forgery (CSRF) vulnerability in Cloudera Data Engineering
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
network
cloudera CWE-352
6.8
2019-11-26 CVE-2019-14449 Cross-Site Scripting vulnerability in Cloudera Manager
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1.
network
cloudera CWE-79
3.5
2019-11-26 CVE-2019-7319 Improper Privilege Management vulnerability in Cloudera CDH 6.0.0/6.0.1/6.1.0
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0.
network
low complexity
cloudera CWE-269
6.5
2019-11-26 CVE-2018-20090 Incorrect Default Permissions vulnerability in Cloudera Data Science Workbench 1.4.0/1.4.1/1.4.2
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2.
network
low complexity
cloudera CWE-276
6.5
2019-11-26 CVE-2017-7399 Improper Privilege Management vulnerability in Cloudera Manager
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.
network
low complexity
cloudera CWE-269
6.5
2019-11-26 CVE-2016-9271 Cross-Site Scripting vulnerability in Cloudera Manager
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.
network
cloudera CWE-79
3.5
2019-11-26 CVE-2018-17860 Incorrect Default Permissions vulnerability in Cloudera CDH
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
network
low complexity
cloudera CWE-276
6.5
2019-11-26 CVE-2015-4457 Cross-Site Scripting vulnerability in Cloudera Manager
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
network
cloudera CWE-79
3.5
2019-11-26 CVE-2016-6353 Incorrect Authorization vulnerability in Cloudera CDH
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
network
cloudera CWE-863
3.5
2019-11-26 CVE-2016-5724 Information Exposure vulnerability in Cloudera CDH
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
network
low complexity
cloudera CWE-200
5.0