Skip to main content
CVE-2015-2263 LOW Monitor

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cloudera Manager
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2015-4078 LOW Monitor

Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Cloudera Manager Navigator
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2013-6446 LOW Monitor

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cdh
NVD
CVSS 3.0
3.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy