Hue
by Cloudera
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11649 | | Med | 0.40 | 6.1 | 0.01 | | Jun 1, 2018 | Hue 3.12 has XSS via the /pig/save/ name and script parameters. |
| CVE-2016-4946 | | Med | 0.40 | 6.1 | 0.01 | | Mar 7, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page. |
| CVE-2016-4947 | | Med | 0.35 | 5.3 | 0.01 | | Mar 7, 2017 | Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. |
| CVE-2015-8094 | | Med | 0.33 | 6.1 | 0.02 | | May 22, 2018 | Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. |
| CVE-2025-3884 | | | 0.01 | — | 0.02 | | May 22, 2025 | Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability. The specific… |
| CVE-2021-29994 | | | 0.00 | — | 0.01 | | Nov 8, 2021 | Cloudera Hue 4.6.0 allows XSS. |
| CVE-2021-32481 | | | 0.00 | — | 0.01 | | Nov 8, 2021 | Cloudera Hue 4.6.0 allows XSS via the type parameter. |
| CVE-2018-7580 | | | 0.00 | — | 0.02 | | Dec 21, 2020 | Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the… |
| CVE-2019-7319 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser… |
| CVE-2015-7831 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used. |