CVE-2018-10815
Description
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A read-only user in Cloudera Manager can access sensitive cluster information due to insufficient access controls.
Vulnerability
Cloudera Manager versions prior to 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1 contain an authorization flaw that allows read-only users to access sensitive cluster information. The vulnerability exists in the permission model where read-only roles are not properly restricted from viewing confidential data.
Exploitation
An attacker with a read-only account on Cloudera Manager can exploit this by simply navigating to the sensitive information pages or using API calls that should be restricted. No additional privileges or user interaction beyond having a valid read-only session is required.
Impact
Successful exploitation leads to unauthorized disclosure of sensitive cluster information, such as configuration details, credentials, or other operational data. This compromises confidentiality but does not allow modification or denial of service.
Mitigation
Cloudera has addressed this issue in versions 5.13.4, 5.14.4, and 5.15.1. Users should upgrade to these or later versions. No workaround is documented; upgrading is the recommended action.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cloudera/Cloudera Manager
- Range: <5.13.4 || >=5.14.0 <5.14.4 || >=5.15.0 <5.15.1
Patches
No patches discovered yet.
References
- www.cloudera.com (mitre, x_refsource_MISC)
- www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html (mitre, x_refsource_CONFIRM)