CVE-2017-7399 — CVSS 8.8 (high): Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the…
CVE-2015-6495 — CVSS 7.5 (high): There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
CVE-2017-9326 — CVSS 7.5 (high): The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory…
CVE-2012-2230 — CVSS 6.5 (medium): Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install…
CVE-2018-10815 — CVSS 6.5 (medium): An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access…
CVE-2018-15913 — CVSS 6.1 (medium): An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to…
CVE-2016-9271 — CVSS 5.4 (medium): Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.
CVE-2019-14449 — CVSS 5.4 (medium): An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can…
CVE-2015-4457 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject…
CVE-2021-32483 — CVSS 5.3 (medium): Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
CVE-2018-6185 — CVSS 4.9 (medium): In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on…
CVE-2014-0220 — CVSS 4.0 (medium): Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the…
CVE-2015-2263 — CVSS 3.3 (low): Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for…
CVE-2015-4078 — CVSS 3.1 (low): Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it…
CVE-2014-8733 — CVSS 2.1 (low): Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop…