Description
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532312/100/0/threaded
Vendor Advisory x_refsource_confirm
http://www.cloudera.com/content/cloudera-content/cloudera-docs/SecurityBulletins/Security-Bulletin/csb_topic_2.html
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/126956/Cloudera-Manager-4.8.2-5.0.0-Information-Disclosure.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67912
Scores
EPSS
0.0185
EPSS Percentile
76.6%
Details
CWE
CWE-200
Status
published
Products (21)
cloudera/cloudera_manager
4.0.1
cloudera/cloudera_manager
4.0.2
cloudera/cloudera_manager
4.0.3
cloudera/cloudera_manager
4.1
cloudera/cloudera_manager
4.1.1
cloudera/cloudera_manager
4.1.2
cloudera/cloudera_manager
4.1.3
cloudera/cloudera_manager
4.1.4
cloudera/cloudera_manager
4.5.0
cloudera/cloudera_manager
4.5.1
... and 11 more
Published
Jun 10, 2014
Tracked Since
Feb 18, 2026