CVE-2016-4949

Name of the Vulnerable Software and Affected Versions Cloudera Manager versions 5.5 and earlier

Description The issue allows remote attackers to obtain sensitive information. This can be achieved by manipulating the filename parameter in the "/cmf/process//logs" endpoint, specifically by using a (1) stderr.log or (2) stdout.log value.

Recommendations For Cloudera Manager versions 5.5 and earlier, consider restricting access to the "/cmf/process//logs" endpoint to minimize the risk of exploitation. Avoid using the filename parameter with sensitive log values until the issue is resolved.