CVE-2016-6353 — Incorrect Authorization in CDH

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 62.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudera CDH

Timeline

PublishedNov 26

Latest updateMay 24

Description

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcloudera/cdh5.0.0 — 5.7.0

🔴Vulnerability Details

GHSA

GHSA-xfq9-m5c5-8p4q: Cloudera Search in CDH before 5↗2022-05-24

▶

CVEList

CVE-2016-6353: Cloudera Search in CDH before 5↗2019-11-26

▶