Cloudera Manager

CVEs (14)

CVE	Vendor / Product	CVSS	Published	Description
CVE-2019-14449	Cloudera Cloudera Manager	—	Nov 26, 2019	An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.
CVE-2016-9271	Cloudera Cloudera Manager	—	Nov 26, 2019	Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.
CVE-2017-7399	Cloudera Cloudera Manager	—	Nov 26, 2019	Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.
CVE-2015-4457	Cloudera Cloudera Manager	—	Nov 26, 2019	Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
CVE-2015-6495	Cloudera Cloudera Manager	—	Nov 26, 2019	There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
CVE-2016-3192	Cloudera Cloudera Manager	—	Nov 26, 2019	Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
CVE-2018-11744	Cloudera Cloudera Manager	—	Jul 11, 2019	Cloudera Manager through 5.15 has Incorrect Access Control.
CVE-2017-9327	Cloudera Cloudera Manager	—	Jul 3, 2019	Secret data of processes managed by CM is not secured by file permissions.
CVE-2018-15913	Cloudera Cloudera Manager	—	Jun 20, 2019	An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the…
CVE-2018-5798	Cloudera Cloudera Manager	—	Jun 7, 2019	This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
CVE-2018-10815	Cloudera Cloudera Manager	—	May 24, 2019	An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.
CVE-2014-8733	Cloudera Manager	—	Feb 10, 2015	Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password.
CVE-2014-0220	Cloudera Manager	—	Jun 10, 2014	Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API.
CVE-2012-2230	Cloudera Cloudera Service And Configuration Manager	—	Apr 12, 2012	Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different…

CVE-2019-14449Nov 26, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.
CVE-2016-9271Nov 26, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.
CVE-2017-7399Nov 26, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.
CVE-2015-4457Nov 26, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
CVE-2015-6495Nov 26, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
CVE-2016-3192Nov 26, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
CVE-2018-11744Jul 11, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
Cloudera Manager through 5.15 has Incorrect Access Control.
CVE-2017-9327Jul 3, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
Secret data of processes managed by CM is not secured by file permissions.
CVE-2018-15913Jun 20, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the…
CVE-2018-5798Jun 7, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
CVE-2018-10815May 24, 2019
Cloudera
Cloudera Manager
risk 0.00cvss —epss 0.00
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.
CVE-2014-8733Feb 10, 2015
Cloudera
Manager
risk 0.00cvss —epss 0.00
Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password.
CVE-2014-0220Jun 10, 2014
Cloudera
Manager
risk 0.00cvss —epss 0.00
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API.
CVE-2012-2230Apr 12, 2012
Cloudera
Cloudera Service And Configuration Manager
risk 0.00cvss —epss 0.00
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different…