CVE-2017-9325

Published: Jul 3, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.

Affected (4)

Products: Cloudera: Cdh

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cloudera Cdh	Up to 5.8.0
Cloudera Cdh	From 5.10.0 to 5.10.1
Cloudera Cdh	From 5.11.0 to 5.11.1
Cloudera Cdh	From 5.8.2 to 5.9.2

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html

Source: cve@mitre.org

Vendor Advisory

https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.