CVE-2016-3131 — Incorrect Authorization in CDH

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 66.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 26

Latest updateMay 24

Description

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

▶NVDcloudera/cdh5.0.0 — 5.3.10+3

GHSA

GHSA-2424-v4cf-7rr6: Cloudera CDH before 5↗2022-05-24

▶

CVEList

CVE-2016-3131: Cloudera CDH before 5↗2019-11-26

▶