CVE-2017-15536

Name of the Vulnerable Software and Affected Versions: Cloudera Data Science Workbench versions prior to 1.2.0

Description: An issue in Cloudera Data Science Workbench allows malicious authenticated users to escalate privileges. By exploiting several web application vulnerabilities, users can gain root access to nodes, access the database containing Kerberos keytabs and bcrypt hashed passwords, and obtain other privileged information such as session tokens, invitation tokens, and environment variables.

Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.