PT-2019-8600 · Cloudera · Cloudera Manager

Publicado

2019-11-26

Atualizado

2019-12-04

CVE-2017-7399

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloudera Manager versions 5.8.x through 5.8.4 Cloudera Manager versions 5.9.x through 5.9.1 Cloudera Manager versions 5.10.x through 5.10.0

Description The issue allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.

Recommendations For Cloudera Manager versions 5.8.x through 5.8.4, update to version 5.8.5 or later. For Cloudera Manager versions 5.9.x through 5.9.1, update to version 5.9.2 or later. For Cloudera Manager versions 5.10.x through 5.10.0, update to version 5.10.1 or later.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2017-7399

Produtos afetados

Cloudera Manager

PT-2019-8600 · Cloudera · Cloudera Manager

CVE-2017-7399

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3