CVE-2016-4572

Published: Nov 26, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.

Affected (8)

Products: Cloudera: Cdh

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Cloudera Cdh	Version 5.5.0
Cloudera Cdh	Version 5.5.1
Cloudera Cdh	Version 5.5.2
Cloudera Cdh	Version 5.5.3
Cloudera Cdh	Version 5.5.4
Cloudera Cdh	Version 5.6.0
Cloudera Cdh	Version 5.6.1
Cloudera Cdh	Version 5.7.0

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb

Source: cve@mitre.org

Vendor Advisory

https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.