Vulnerabilities > Cloudera

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2018-20090 Incorrect Default Permissions vulnerability in Cloudera Data Science Workbench 1.4.0/1.4.1/1.4.2
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2.
network
low complexity
cloudera CWE-276
6.5
6.5
2019-11-26 CVE-2017-7399 Improper Privilege Management vulnerability in Cloudera Manager
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.
network
low complexity
cloudera CWE-269
6.5
6.5
2019-11-26 CVE-2016-9271 Cross-site Scripting vulnerability in Cloudera Manager
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.
network
cloudera CWE-79
3.5
3.5
2019-11-26 CVE-2018-17860 Incorrect Default Permissions vulnerability in Cloudera CDH
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
network
low complexity
cloudera CWE-276
6.5
6.5
2019-11-26 CVE-2015-4457 Cross-site Scripting vulnerability in Cloudera Manager
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
network
cloudera CWE-79
3.5
3.5
2019-11-26 CVE-2016-6353 Incorrect Authorization vulnerability in Cloudera CDH
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
network
cloudera CWE-863
3.5
3.5
2019-11-26 CVE-2016-5724 Information Exposure vulnerability in Cloudera CDH
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
network
low complexity
cloudera CWE-200
5.0
5.0
2019-11-26 CVE-2016-4572 Incorrect Authorization vulnerability in Cloudera CDH
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
network
low complexity
cloudera CWE-863
6.5
6.5
2019-11-26 CVE-2016-3192 Cleartext Storage of Sensitive Information vulnerability in Cloudera Manager
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
network
low complexity
cloudera CWE-312
4.0
4.0
2019-11-26 CVE-2016-3131 Incorrect Authorization vulnerability in Cloudera CDH
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
network
low complexity
cloudera CWE-863
4.0
4.0