Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-2263

Опубликовано: 23 мар. 2017
Источник: nvd
CVSS3: 3.3
CVSS2: 2.1
EPSS Низкий

Описание

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cloudera:cloudera_manager:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:cloudera_manager:5.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 11%
0.00036
Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-6whv-hjxj-235c

CVSS3: 3.3
github
больше 3 лет назад

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.

EPSS

Процентиль: 11%
0.00036
Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-264