Vulnerabilities > Cloudera
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-15 | CVE-2021-3167 | Information Exposure vulnerability in Cloudera Data Engineering 1.3.0 In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. | 4.0 |
| 2020-11-26 | CVE-2020-26936 | Cross-Site Request Forgery (CSRF) vulnerability in Cloudera Data Engineering Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack. | 6.8 |
| 2019-11-26 | CVE-2019-14449 | Cross-Site Scripting vulnerability in Cloudera Manager An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. | 3.5 |
| 2019-11-26 | CVE-2019-7319 | Improper Privilege Management vulnerability in Cloudera CDH 6.0.0/6.0.1/6.1.0 An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. | 6.5 |
| 2019-11-26 | CVE-2018-20090 | Incorrect Default Permissions vulnerability in Cloudera Data Science Workbench 1.4.0/1.4.1/1.4.2 An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. | 6.5 |
| 2019-11-26 | CVE-2017-7399 | Improper Privilege Management vulnerability in Cloudera Manager Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users. | 6.5 |
| 2019-11-26 | CVE-2016-9271 | Cross-Site Scripting vulnerability in Cloudera Manager Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature. | 3.5 |
| 2019-11-26 | CVE-2018-17860 | Incorrect Default Permissions vulnerability in Cloudera CDH Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. | 6.5 |
| 2019-11-26 | CVE-2015-4457 | Cross-Site Scripting vulnerability in Cloudera Manager Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. | 3.5 |
| 2019-11-26 | CVE-2016-6353 | Incorrect Authorization vulnerability in Cloudera CDH Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | 3.5 |