CRITICAL🇬🇧 English

CVE-2018-20091

CVSS 9.9v3.0pub. 2019-06-07upd. 2024-11-21

An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Cloudera Data Science Workbench

    APP
    Cloudera
    1.4.0 – 1.4.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2018-11215CRITICAL9.8ten sam produkt

Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unsp...

CVE-2018-20090HIGH8.3ten sam produkt

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can...

CVE-2017-15536HIGH8.8ten sam produkt

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vu...

CVE-2018-15665MEDIUM5.3ten sam produkt

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users c...

CVE-2021-30132CRITICAL9.8ten sam vendor

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.