Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2018-17860

Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.

Published: November 26, 2019; 10:15:11 AM -0500
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-6353

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.

Published: November 26, 2019; 9:15:11 AM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 3.5 LOW
CVE-2016-5724

Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.

Published: November 26, 2019; 9:15:11 AM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-3131

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

Published: November 26, 2019; 9:15:11 AM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2015-7831

In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.

Published: November 26, 2019; 9:15:11 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-9325

The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.

Published: July 03, 2019; 1:15:09 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 6.4 MEDIUM
CVE-2014-0229

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

Published: March 23, 2017; 4:59:00 PM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM