CVE-2017-7399

Published: Nov 26, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.

Affected (12)

Products: Cloudera: Cloudera Manager

Cloudera

1 product

Cloudera Manager

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Cloudera Cloudera Manager	From 5.0.0 to 5.0.7
Cloudera Cloudera Manager	From 5.1.0 to 5.1.6
Cloudera Cloudera Manager	From 5.2.0 to 5.2.7
Cloudera Cloudera Manager	From 5.3.0 to 5.3.10
Cloudera Cloudera Manager	From 5.4.0 to 5.4.3
Cloudera Cloudera Manager	From 5.4.5 to 5.4.10
Cloudera Cloudera Manager	From 5.5.0 to 5.5.6
Cloudera Cloudera Manager	From 5.6.0 to 5.6.1
Cloudera Cloudera Manager	From 5.7.0 to 5.7.5
Cloudera Cloudera Manager	From 5.8.0 to 5.8.3
Cloudera Cloudera Manager	From 5.9.0 to 5.9.1
Cloudera Cloudera Manager	Version 5.10.0

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_tvf_34r_1cb

Source: cve@mitre.org

Vendor Advisory

https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_tvf_34r_1cb

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.