PT-2019-18526 · Cloudera · Cloudera Hue
Published: 2019-11-26 · Updated: 2020-08-24 · CVE-2019-7319
CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cloudera Hue versions 6.0.0 through 6.1.0
Description
An issue was discovered in Cloudera Hue. When using certain authentication backends, such as LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
Recommendations
For Cloudera Hue versions 6.0.0 through 6.1.0, consider disabling the creation of external users or restricting their privileges until a fix is available. As a temporary workaround, restrict access to the authentication backends LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, and OAuthBackend to minimize the risk of exploitation.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Cloudera Hue