Vulnerabilities > Cloudera
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-07 | CVE-2018-6185 | Cryptographic Issues vulnerability in Cloudera Manager and Navigator KEY Trustee KMS In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. | 4.9 |
| 2019-06-07 | CVE-2018-5798 | Cross-site Scripting vulnerability in Cloudera Manager This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | 6.1 |
| 2019-05-24 | CVE-2018-10815 | Information Exposure vulnerability in Cloudera Manager An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. | 6.5 |
| 2018-05-22 | CVE-2015-8094 | Open Redirect vulnerability in Cloudera HUE 3.9.0 Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. | 6.1 |
| 2018-02-05 | CVE-2017-15536 | Improper Privilege Management vulnerability in Cloudera Data Science Workbench An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. | 8.8 |
| 2017-04-10 | CVE-2016-6605 | Improper Access Control vulnerability in Cloudera CDH Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. | 7.5 |
| 2017-03-23 | CVE-2015-4166 | Key Management Errors vulnerability in Cloudera KEY Trustee Server 5.4.2 Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. | 9.8 |
| 2017-03-23 | CVE-2015-4078 | Information Exposure vulnerability in Cloudera Manager and Navigator Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 3.1 |
| 2017-03-23 | CVE-2015-2263 | Permissions, Privileges, and Access Controls vulnerability in Cloudera Manager Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. | 3.3 |
| 2017-03-23 | CVE-2014-0229 | Permissions, Privileges, and Access Controls vulnerability in multiple products Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | 6.5 |