CDH
by Cloudera
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6605 | | High | 0.49 | 7.5 | 0.01 | | Apr 10, 2017 | Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization. |
| CVE-2014-0229 | | Med | 0.42 | 6.5 | 0.02 | | Mar 23, 2017 | Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a… |
| CVE-2013-6446 | | Low | 0.20 | 3.1 | 0.01 | | Mar 23, 2017 | The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. |
| CVE-2018-17860 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1. |
| CVE-2016-3131 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. |
| CVE-2016-4572 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. |
| CVE-2016-5724 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles. |
| CVE-2012-1574 | | | 0.00 | — | 0.05 | | Apr 12, 2012 | The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote… |