Filtered by vendor Cloudera Subscriptions
Total 51 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-5798 1 Cloudera 1 Cloudera Manager 2024-08-05 N/A
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
CVE-2019-14449 1 Cloudera 1 Cloudera Manager 2024-08-05 5.4 Medium
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.
CVE-2019-7319 1 Cloudera 1 Cdh 2024-08-04 8.3 High
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
CVE-2020-26936 1 Cloudera 1 Data Engineering 2024-08-04 8.8 High
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
CVE-2021-32483 1 Cloudera 1 Cloudera Manager 2024-08-03 5.3 Medium
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
CVE-2021-32482 1 Cloudera 1 Cloudera Manager 2024-08-03 6.1 Medium
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.
CVE-2021-32481 1 Cloudera 1 Hue 2024-08-03 6.1 Medium
Cloudera Hue 4.6.0 allows XSS via the type parameter.
CVE-2021-30132 1 Cloudera 1 Cloudera Manager 2024-08-03 9.8 Critical
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
CVE-2021-29994 1 Cloudera 1 Hue 2024-08-03 6.1 Medium
Cloudera Hue 4.6.0 allows XSS.
CVE-2021-29243 1 Cloudera 1 Cloudera Manager 2024-08-03 6.1 Medium
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.
CVE-2021-3167 1 Cloudera 1 Data Engineering 2024-08-03 6.5 Medium
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.