CVE-2012-2230

Name of the Vulnerable Software and Affected Versions Cloudera Manager versions 3.7.x through 3.7.4 Cloudera Service and Configuration Manager version 3.5

Description The issue arises when Kerberos is not enabled, leading to improper installation of taskcontroller.cfg. This allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors.

Recommendations For Cloudera Manager versions 3.7.x through 3.7.4, update to version 3.7.5 or later. For Cloudera Service and Configuration Manager version 3.5, consider disabling the affected component until a patch is available, or apply the recommended configuration changes to properly install taskcontroller.cfg.