CVE-2015-2263 - Vulnerability Details

Vendors	Products
Cloudera	Cloudera Manager

Link	Providers
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-24T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2263", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:10:15.627Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-2263", "datePublished": "2017-03-23T20:00:00", "dateReserved": "2015-03-09T00:00:00", "dateUpdated": "2024-08-06T05:10:15.627Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-03-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-03-24T12:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-2263 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3 (string)

refsource : CONFIRM (string)

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T05:10:15.627Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-2263 (string)

datePublished : 2017-03-23T20:00:00 (string)

dateReserved : 2015-03-09T00:00:00 (string)

dateUpdated : 2024-08-06T05:10:15.627Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B1DE30B-319C-42DA-9DCD-AAA1113EE7A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C888621A-BAD7-4FB3-9948-F8B4DA889472", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD101616-1911-4F6C-8144-C98F6CECEA94", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BBA62E61-1065-4617-BDBE-5DFD33862E21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "44962AA9-2731-4177-8F01-7DE83FD685B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5642BED-6B64-4993-A2E4-2ADDFB325367", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "72FA5F9F-1331-40F9-8D59-15D1CE769698", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CB51A0E6-0C9E-4749-A85F-23D4DFC79DE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FF9A52D-124B-4F6C-93B6-3FC58CFA5260", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "34337AD1-9081-4640-93CE-17B156CBB5E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B01E3259-01C7-4418-828A-D4FEBC770956", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D8D8CEB-5995-439F-9FF4-116BE47AE1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E749571-EF56-4DB8-BD8E-6F56A25502BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "052755F7-8132-413C-890A-BCA847D8F796", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "5E4D17CB-695B-4C90-ACED-717C4CCBF8F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9C09608-631D-4AC9-98A9-BC256FC6691B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9917FD25-304A-4B0E-9C38-0743042B913B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B5916AA-B658-4899-AB67-54104D1B2917", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD49F66E-072D-4697-828D-31EA8F39CC6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "90131D83-6124-4F77-974B-7CE30DCA3177", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E85EC6B7-ACE0-4A80-9DAD-158F9796B575", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "26BD428C-84C5-45DD-ADB3-2180F718D155", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "61A06045-6DFD-4BCC-B89B-97BB6AF19363", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4EA001C9-4AC8-4107-8891-628BF99A702D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B1CB511F-1008-4765-876C-3E373F191D14", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "F831A418-C9A0-4527-B2A9-5366F3042F32", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "64223B68-46CD-44B5-B6FC-27546FAFECB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C7C3769-2990-4D2B-A0D3-350FEB568291", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EF367D3-5A51-4143-8E37-835B7D4050E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A50ECD9B-00D2-4342-B264-6D37231031BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5103CCF8-A0CC-4BB8-9269-6B061B7F3690", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "822A1CAB-EEEA-4F56-AAB8-5FF5285EF49C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3733DFA-8D8E-4CC8-AD7C-DE6D81F4FCDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "390A6A11-0947-4A24-87B1-A4D6A4BF59A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FB05DE7-3A89-4BE6-B4BC-C7E609C7A0A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4724F623-5ACC-4A3D-9E73-5E7397F79B28", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "843DF823-8EDD-49C5-8948-4EB067C5CF63", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F65B171-68C2-43A7-B4F2-BAEC619922C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "91B584EF-1E03-4D8E-986B-5DF9FB8F0E27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "924D38B1-7622-4157-B855-A24563DE16BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_manager:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "6EDA954F-E608-448F-AE72-27158423ED19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process."}, {"lang": "es", "value": "Cloudera Manager 4.x, 5.0.x en versiones anteriores a 5.0.6, 5.1.x en versiones anteriores a 5.1.5, 5.2.x en versiones anteriores a 5.2.5 y 5.3.x en versiones anteriores a 5.3.3 utiliza permisos globales de lectura para archivos en su directorio de configuraci\u00f3n al iniciar YARN NodeManager, permite a usuarios locales obtener informaci\u00f3n sensible leyendo los archivos, como demuestra yarn.keytab o ssl-server.xml en /var/run/cloudera-scm-agent/process."}], "id": "CVE-2015-2263", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-23T20:59:00.297", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B1DE30B-319C-42DA-9DCD-AAA1113EE7A3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C888621A-BAD7-4FB3-9948-F8B4DA889472 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FD101616-1911-4F6C-8144-C98F6CECEA94 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : BBA62E61-1065-4617-BDBE-5DFD33862E21 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 44962AA9-2731-4177-8F01-7DE83FD685B3 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B5642BED-6B64-4993-A2E4-2ADDFB325367 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 72FA5F9F-1331-40F9-8D59-15D1CE769698 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : CB51A0E6-0C9E-4749-A85F-23D4DFC79DE9 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 2FF9A52D-124B-4F6C-93B6-3FC58CFA5260 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 34337AD1-9081-4640-93CE-17B156CBB5E9 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B01E3259-01C7-4418-828A-D4FEBC770956 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D8D8CEB-5995-439F-9FF4-116BE47AE1AF (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E749571-EF56-4DB8-BD8E-6F56A25502BF (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 052755F7-8132-413C-890A-BCA847D8F796 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.5.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 5E4D17CB-695B-4C90-ACED-717C4CCBF8F6 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D9C09608-631D-4AC9-98A9-BC256FC6691B (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 9917FD25-304A-4B0E-9C38-0743042B913B (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.6.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 1B5916AA-B658-4899-AB67-54104D1B2917 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.6.3:*:*:*:*:*:*:* (string)

matchCriteriaId : CD49F66E-072D-4697-828D-31EA8F39CC6C (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 90131D83-6124-4F77-974B-7CE30DCA3177 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : E85EC6B7-ACE0-4A80-9DAD-158F9796B575 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 26BD428C-84C5-45DD-ADB3-2180F718D155 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:4.7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 61A06045-6DFD-4BCC-B89B-97BB6AF19363 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 4EA001C9-4AC8-4107-8891-628BF99A702D (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.0.0:beta1:*:*:*:*:*:* (string)

matchCriteriaId : B1CB511F-1008-4765-876C-3E373F191D14 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.0.0:beta2:*:*:*:*:*:* (string)

matchCriteriaId : F831A418-C9A0-4527-B2A9-5366F3042F32 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 64223B68-46CD-44B5-B6FC-27546FAFECB9 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 6C7C3769-2990-4D2B-A0D3-350FEB568291 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 5EF367D3-5A51-4143-8E37-835B7D4050E8 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A50ECD9B-00D2-4342-B264-6D37231031BE (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 5103CCF8-A0CC-4BB8-9269-6B061B7F3690 (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 822A1CAB-EEEA-4F56-AAB8-5FF5285EF49C (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F3733DFA-8D8E-4CC8-AD7C-DE6D81F4FCDD (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 390A6A11-0947-4A24-87B1-A4D6A4BF59A0 (string)

vulnerable : true (boolean)

}

34 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2FB05DE7-3A89-4BE6-B4BC-C7E609C7A0A2 (string)

vulnerable : true (boolean)

}

35 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4724F623-5ACC-4A3D-9E73-5E7397F79B28 (string)

vulnerable : true (boolean)

}

36 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 843DF823-8EDD-49C5-8948-4EB067C5CF63 (string)

vulnerable : true (boolean)

}

37 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 3F65B171-68C2-43A7-B4F2-BAEC619922C0 (string)

vulnerable : true (boolean)

}

38 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 91B584EF-1E03-4D8E-986B-5DF9FB8F0E27 (string)

vulnerable : true (boolean)

}

39 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 924D38B1-7622-4157-B855-A24563DE16BD (string)

vulnerable : true (boolean)

}

40 : { »

criteria : cpe:2.3:a:cloudera:cloudera_manager:5.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 6EDA954F-E608-448F-AE72-27158423ED19 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. (string)

}

1 : { »

lang : es (string)

value : Cloudera Manager 4.x, 5.0.x en versiones anteriores a 5.0.6, 5.1.x en versiones anteriores a 5.1.5, 5.2.x en versiones anteriores a 5.2.5 y 5.3.x en versiones anteriores a 5.3.3 utiliza permisos globales de lectura para archivos en su directorio de configuración al iniciar YARN NodeManager, permite a usuarios locales obtener información sensible leyendo los archivos, como demuestra yarn.keytab o ssl-server.xml en /var/run/cloudera-scm-agent/process. (string)

}

]

id : CVE-2015-2263 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 3.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-03-23T20:59:00.297 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object