VYPR
Low severity3.3NVD Advisory· Published Mar 23, 2017· Updated Jun 17, 2026

CVE-2015-2263

CVE-2015-2263

Description

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.

Affected products

42
  • Cloudera/Manager42 versions
    cpe:2.3:a:cloudera:cloudera_manager:4.0.0:*:*:*:*:*:*:*+ 41 more
    • cpe:2.3:a:cloudera:cloudera_manager:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:4.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.0.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.0.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cloudera_manager:5.3.2:*:*:*:*:*:*:*
    • (no CPE)range: 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.