CVE-2019-7319 โ€” Improper Privilege Management in CDH

CWE-269 โ€” Improper Privilege Management3 documents3 sources
Severity
8.3HIGHNVD
EPSS
0.6%
top 30.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cloudera CDH
Timeline
PublishedNov 26
Latest updateMay 24

Description

An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:HExploitability: 2.8 | Impact: 5.5

Affected Packages1 packages

โ–ถNVDcloudera/cdh6.0.0, 6.0.1, 6.1.0+2

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-g479-c966-m99h: An issue was discovered in Cloudera Hue 6โ†—2022-05-24
โ–ถ
CVEList
CVE-2019-7319: An issue was discovered in Cloudera Hue 6โ†—2019-11-26
โ–ถ
CVE-2019-7319 โ€” Improper Privilege Management in CDH | cvebase