RSS   Vulnerabilities for 'Cloudera manager'   RSS

2021-11-08
 
CVE-2021-29243

CWE-79
 

 
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.

 
 
CVE-2021-32482

CWE-79
 

 
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.

 
 
CVE-2021-30132

CWE-269
 

 
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.

 
 
CVE-2021-32483

CWE-269
 

 
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.

 
2019-11-26
 
CVE-2019-14449

CWE-79
 

 
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.

 
 
CVE-2017-7399

CWE-269
 

 
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.

 
 
CVE-2016-9271

CWE-79
 

 
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.

 
 
CVE-2016-3192

CWE-312
 

 
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.

 
 
CVE-2015-6495

CWE-200
 

 
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.

 
 
CVE-2015-4457

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top