Vulnerabilities > Cloudera > CDH

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-26	CVE-2019-7319	Improper Privilege Management vulnerability in Cloudera CDH 6.0.0/6.0.1/6.1.0 An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. network low complexity cloudera CWE-269	8.3
2019-11-26	CVE-2018-17860	Incorrect Default Permissions vulnerability in Cloudera CDH Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. network low complexity cloudera CWE-276	7.2
2019-11-26	CVE-2016-6353	Incorrect Authorization vulnerability in Cloudera CDH Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. network low complexity cloudera CWE-863	6.5
2019-11-26	CVE-2016-5724	Information Exposure vulnerability in Cloudera CDH Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles. network low complexity cloudera CWE-200	7.5
2019-11-26	CVE-2016-4572	Incorrect Authorization vulnerability in Cloudera CDH In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. network low complexity cloudera CWE-863	8.8
2019-11-26	CVE-2016-3131	Incorrect Authorization vulnerability in Cloudera CDH Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. network low complexity cloudera CWE-863	6.5
2019-11-26	CVE-2015-7831	Improper Privilege Management vulnerability in Cloudera CDH In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. network low complexity cloudera CWE-269	8.8
2019-07-03	CVE-2017-9325	Improper Authorization vulnerability in Cloudera CDH The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. network low complexity cloudera CWE-285	7.5
2017-04-10	CVE-2016-6605	Improper Access Control vulnerability in Cloudera CDH Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. network low complexity cloudera CWE-284	7.5
2017-03-23	CVE-2014-0229	Permissions, Privileges, and Access Controls vulnerability in multiple products Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. network low complexity cloudera apache CWE-264	6.5