An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HCloudera Data Science Workbench
APPCloudera1.4.0 – 1.4.2
Powiązane podatności
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unsp...
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can...
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vu...
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users c...
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.