CRITICAL🇵🇱 Wersja polska

CVE-2018-20091

CVSS 9.9v3.0pub. 2019-06-07upd. 2024-11-21

An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Cloudera Data Science Workbench

    APP
    Cloudera
    1.4.0 – 1.4.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2018-11215CRITICAL9.8ten sam produkt

Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unsp...

CVE-2018-20090HIGH8.3ten sam produkt

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can...

CVE-2017-15536HIGH8.8ten sam produkt

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vu...

CVE-2018-15665MEDIUM5.3ten sam produkt

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users c...

CVE-2021-30132CRITICAL9.8ten sam vendor

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.