CVE-2016-4950

Name of the Vulnerable Software and Affected Versions Cloudera Manager versions 5.5 and earlier

Description The issue allows remote attackers to enumerate user sessions. This can be achieved by sending a request to the "api/v11/users/sessions" endpoint.

Recommendations For Cloudera Manager versions 5.5 and earlier, consider restricting access to the "api/v11/users/sessions" endpoint until a patch is available. As a temporary workaround, limit the information that can be obtained through this endpoint to minimize the risk of session enumeration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.