CVE-2017-15536

EPSS 0.3%
Published 05.02.2018 03:29:00
Last modified 21.11.2024 03:14:44
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cloudera ≫ Data Science Workbench Version >= 1.0.0 < 1.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.531

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_248

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-15536

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15536

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15536

EUVD