Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2015-4078

Disclosure Date: March 23, 2017 (last updated November 26, 2024)
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
0
0
Attacker Value
Unknown

CVE-2015-2263

Disclosure Date: March 23, 2017 (last updated November 26, 2024)
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.
0
0