CVE-2013-6446

Published: Mar 23, 2017Modified: May 13, 2026

3.1

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.6 / Impact: 1.4

Source: NVD

Description

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.

Affected (17)

Products: Cloudera: Cdh

Cloudera

1 product

Cdh

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Cloudera Cdh	Version 4.0.0
Cloudera Cdh	Version 4.0.1
Cloudera Cdh	Version 4.1.0
Cloudera Cdh	Version 4.1.1
Cloudera Cdh	Version 4.1.2
Cloudera Cdh	Version 4.1.3
Cloudera Cdh	Version 4.1.4
Cloudera Cdh	Version 4.1.5
Cloudera Cdh	Version 4.2.0
Cloudera Cdh	Version 4.2.1
Cloudera Cdh	Version 4.2.2
Cloudera Cdh	Version 4.3.0
Cloudera Cdh	Version 4.3.1
Cloudera Cdh	Version 4.3.2
Cloudera Cdh	Version 4.4.0
Cloudera Cdh	Version 4.5.0
Cloudera Cdh	Version 5.0.0 beta

Related CWEs

CWE-264

References (4)

http://www.securityfocus.com/bid/97068

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/97068

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.