Vulnerabilities > Cloudera > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2016-3192 Cleartext Storage of Sensitive Information vulnerability in Cloudera Manager
Cloudera Manager 5.x before 5.7.1 places sensitive data in cleartext readable files.
network
low complexity
cloudera CWE-312
6.5
2019-11-26 CVE-2016-3131 Incorrect Authorization vulnerability in Cloudera CDH
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
network
low complexity
cloudera CWE-863
6.5
2019-07-03 CVE-2017-9327 Permission Issues vulnerability in Cloudera Manager 5.10.1/5.11.0/5.9.2
Secret data of processes managed by CM is not secured by file permissions.
network
low complexity
cloudera CWE-275
6.5
2019-06-21 CVE-2018-15665 Information Exposure vulnerability in Cloudera Data Science Workbench
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0.
network
low complexity
cloudera CWE-200
5.3
2019-06-20 CVE-2018-15913 Cross-site Scripting vulnerability in Cloudera Manager
An issue was discovered in Cloudera Manager 5.x through 5.15.0.
network
low complexity
cloudera CWE-79
6.1
2019-06-07 CVE-2018-6185 Cryptographic Issues vulnerability in Cloudera Manager and Navigator Key Trustee KMS
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys.
network
low complexity
cloudera CWE-310
4.9
2019-06-07 CVE-2018-5798 Cross-site Scripting vulnerability in Cloudera Manager
This CVE relates to an unspecified cross-site scripting vulnerability in Cloudera Manager.
network
low complexity
cloudera CWE-79
6.1
2019-05-24 CVE-2018-10815 Information Exposure vulnerability in Cloudera Manager
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1.
network
low complexity
cloudera CWE-200
6.5
2018-05-22 CVE-2015-8094 Open Redirect vulnerability in Cloudera HUE 3.9.0
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.
network
low complexity
cloudera CWE-601
6.1
2017-03-23 CVE-2014-0229 Permissions, Privileges, and Access Controls vulnerability in multiple products
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
network
low complexity
cloudera apache CWE-264
6.5