CVE-2013-6446: CDH vulnerability

CWE-264 | 3 documents | 3 sources

Severity: 3.1 LOW (NVD)
EPSS: 0.2% (top 56.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 23
Latest update: May 17

Description

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.6 | Impact: 1.4

Affected Packages: 1 package

NVD: cloudera/cdh, 17 versions

Vulnerability Details (2)

GHSA: GHSA-wwhw-vwhw-7mxv: The JobHistory Server in Cloudera CDH 4 (2022-05-17)
CVEList: CVE-2013-6446: The JobHistory Server in Cloudera CDH 4 (2017-03-23)
CVE-2013-6446 — Cloudera CDH vulnerability | cvebase