Filtered by vendor Cloudera Subscriptions
Total 51 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-22353 2 Cloudera, Ibm 3 Data Platform, Big Sql, Cloud Pak For Data 2024-11-21 6.5 Medium
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.
CVE-2021-3167 1 Cloudera 1 Data Engineering 2024-11-21 6.5 Medium
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.
CVE-2021-32483 1 Cloudera 1 Cloudera Manager 2024-11-21 5.3 Medium
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
CVE-2021-32482 1 Cloudera 1 Cloudera Manager 2024-11-21 6.1 Medium
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.
CVE-2021-32481 1 Cloudera 1 Hue 2024-11-21 6.1 Medium
Cloudera Hue 4.6.0 allows XSS via the type parameter.
CVE-2021-30132 1 Cloudera 1 Cloudera Manager 2024-11-21 9.8 Critical
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
CVE-2021-29994 1 Cloudera 1 Hue 2024-11-21 6.1 Medium
Cloudera Hue 4.6.0 allows XSS.
CVE-2021-29243 1 Cloudera 1 Cloudera Manager 2024-11-21 6.1 Medium
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.
CVE-2020-26936 1 Cloudera 1 Data Engineering 2024-11-21 8.8 High
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
CVE-2019-7319 1 Cloudera 1 Cdh 2024-11-21 8.3 High
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
CVE-2019-14449 1 Cloudera 1 Cloudera Manager 2024-11-21 5.4 Medium
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.
CVE-2018-6185 1 Cloudera 2 Cloudera Manager, Navigator Key Trustee Kms 2024-11-21 N/A
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is "*" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data.
CVE-2018-5798 1 Cloudera 1 Cloudera Manager 2024-11-21 N/A
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
CVE-2018-20091 1 Cloudera 1 Data Science Workbench 2024-11-21 N/A
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
CVE-2018-20090 1 Cloudera 1 Data Science Workbench 2024-11-21 8.3 High
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.
CVE-2018-17860 1 Cloudera 1 Cdh 2024-11-21 7.2 High
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
CVE-2018-15913 1 Cloudera 1 Cloudera Manager 2024-11-21 6.1 Medium
An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with patterns such as http://, https://, //, or javascript. The only exceptions to this rule are the SAML Login/Logout URLs, which remain supported since they are explicitly configured and they are not passed via the returnUrl parameter.
CVE-2018-15665 1 Cloudera 1 Data Science Workbench 2024-11-21 N/A
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts.
CVE-2018-11744 1 Cloudera 1 Cloudera Manager 2024-11-21 N/A
Cloudera Manager through 5.15 has Incorrect Access Control.
CVE-2018-11215 1 Cloudera 1 Data Science Workbench 2024-11-21 N/A
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.