3.5

CVE-2013-6446

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ClouderaCdh Version4.0.0
ClouderaCdh Version4.0.1
ClouderaCdh Version4.1.0
ClouderaCdh Version4.1.1
ClouderaCdh Version4.1.2
ClouderaCdh Version4.1.3
ClouderaCdh Version4.1.4
ClouderaCdh Version4.1.5
ClouderaCdh Version4.2.0
ClouderaCdh Version4.2.1
ClouderaCdh Version4.2.2
ClouderaCdh Version4.3.0
ClouderaCdh Version4.3.1
ClouderaCdh Version4.3.2
ClouderaCdh Version4.4.0
ClouderaCdh Version4.5.0
ClouderaCdh Version5.0.0 Updatebeta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.88% 0.542
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.1 1.6 1.4
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/bid/97068
Third Party Advisory
VDB Entry
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n
Vendor Advisory