Filtered by vendor Cloudera
Subscribe
Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3884 | 1 Cloudera | 1 Hue | 2026-06-17 | N/A | 7.5 HIGH |
| Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332. | |||||
| CVE-2022-22353 | 2 Cloudera, Ibm | 3 Data Platform, Big Sql, Cloud Pak For Data | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480. | |||||
| CVE-2021-3167 | 1 Cloudera | 1 Data Engineering | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. | |||||
| CVE-2021-32483 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard. | |||||
| CVE-2021-32482 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. | |||||
| CVE-2021-32481 | 1 Cloudera | 1 Hue | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Hue 4.6.0 allows XSS via the type parameter. | |||||
| CVE-2021-30132 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. | |||||
| CVE-2021-29994 | 1 Cloudera | 1 Hue | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Hue 4.6.0 allows XSS. | |||||
| CVE-2021-29243 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. | |||||
| CVE-2020-26936 | 1 Cloudera | 1 Data Engineering | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack. | |||||
| CVE-2019-7319 | 1 Cloudera | 1 Cdh | 2026-06-17 | 6.5 MEDIUM | 8.3 HIGH |
| An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges. | |||||
| CVE-2019-14449 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product. | |||||
| CVE-2018-6185 | 1 Cloudera | 2 Cloudera Manager, Navigator Key Trustee Kms | 2026-06-17 | 5.5 MEDIUM | 4.9 MEDIUM |
| In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is "*" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data. | |||||
| CVE-2018-5798 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | |||||
| CVE-2018-20091 | 1 Cloudera | 1 Data Science Workbench | 2026-06-17 | 6.5 MEDIUM | 9.9 CRITICAL |
| An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs. | |||||
| CVE-2018-20090 | 1 Cloudera | 1 Data Science Workbench | 2026-06-17 | 6.5 MEDIUM | 8.3 HIGH |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. | |||||
| CVE-2018-17860 | 1 Cloudera | 1 Cdh | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. | |||||
| CVE-2018-15913 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with patterns such as http://, https://, //, or javascript. The only exceptions to this rule are the SAML Login/Logout URLs, which remain supported since they are explicitly configured and they are not passed via the returnUrl parameter. | |||||
| CVE-2018-15665 | 1 Cloudera | 1 Data Science Workbench | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. | |||||
| CVE-2018-11744 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| Cloudera Manager through 5.15 has Incorrect Access Control. | |||||