CVE-2016-3131

Published: Nov 26, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

Affected (4)

Products: Cloudera: Cdh

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cloudera Cdh	From 5.0.0 to 5.3.10
Cloudera Cdh	From 5.4.0 to 5.4.10
Cloudera Cdh	From 5.5.0 to 5.5.4
Cloudera Cdh	Version 5.6.0

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120

Source: cve@mitre.org

Vendor Advisory

https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.