VYPR

Hue

by Cloudera

Source repositories

CVEs (10)

  • CVE-2018-11649MedJun 1, 2018
    risk 0.40cvss 6.1epss 0.01

    Hue 3.12 has XSS via the /pig/save/ name and script parameters.

  • CVE-2016-4946MedMar 7, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.

  • CVE-2016-4947MedMar 7, 2017
    risk 0.35cvss 5.3epss 0.01

    Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.

  • CVE-2015-8094MedMay 22, 2018
    risk 0.33cvss 6.1epss 0.02

    Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.

  • CVE-2025-3884May 22, 2025
    risk 0.01cvss epss 0.02

    Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2021-29994Nov 8, 2021
    risk 0.00cvss epss 0.01

    Cloudera Hue 4.6.0 allows XSS.

  • CVE-2021-32481Nov 8, 2021
    risk 0.00cvss epss 0.01

    Cloudera Hue 4.6.0 allows XSS via the type parameter.

  • CVE-2018-7580Dec 21, 2020
    risk 0.00cvss epss 0.02

    Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the…

  • CVE-2019-7319Nov 26, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser…

  • CVE-2015-7831Nov 26, 2019
    risk 0.00cvss epss 0.01

    In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.