PT-2021-19720 · Cloudera · Cloudera Hue
Published 2021-11-08 · Updated 2021-11-09 · CVE-2021-32481
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Cloudera Hue version 4.6.0
Description:
The issue allows for a cross-site scripting (XSS) attack via the type parameter. This means an attacker could potentially inject malicious scripts into the website, affecting users who access the page.
Recommendations:
For Cloudera Hue version 4.6.0, avoid using the type parameter in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the vulnerable component to minimize the risk of exploitation.
Fix
XSS
Affected Products
Cloudera Hue