Summary
Cloudera Manager is prone to an information-disclosure vulnerability.
Impact
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
Solution
Udate Cloudera Manager to version 4.8.3/5.0.1 or later.
Insight
Cloudera Manager allows remote authenticated users to obtain sensitive configuration information via the API.
Affected
Cloudera Manager prior to 4.8.3 and 5.0.0 are vulnerable.
Detection
Check the version
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0220 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
Related Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Apache Open For Business HTML injection vulnerability
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability