Описание
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cloudera:cloudera_manager:3.7.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.0:*:free:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.1:*:enterprise:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.1:*:free:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.2:*:enterprise:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.2:*:free:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.3:*:enterprise:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.3:*:free:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.4:*:enterprise:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:3.7.4:*:free:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:cloudera:cloudera_service_and_configuration_manager:3.5:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00442
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574.
EPSS
Процентиль: 63%
0.00442
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-310