CVE-2013-6446

Published Mar 23, 2017

Last updated 8 years ago

CVSS low 3.1

Overview

Description: The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 3.1
Impact score: 1.4
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30715E47-3508-4413-9AF0-F7A5494BD3DB"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12AFC1A8-B5C1-4704-9208-66A7C58AFF66"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D6CA009-5032-4FE5-8BE6-D00C7DFEB162"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C243346-5F50-4C18-9DAE-A5828BA7DC3D"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D790D3B1-14A3-48D7-BA84-596D00F0793F"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10C11CC-2C96-4CF0-BC66-7C5A9425A20A"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6718CB4-3D73-4E4F-B54C-EBF944D73352"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE609BC8-D73F-4032-AA71-E5F64910A2B7"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "935C3F63-BF05-4D0C-8C0A-55A8E5AFF8E0"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5A293DE-E885-4BCA-9807-AFEFFE33AC41"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA74529E-7E6B-410C-96E0-6437C7D674C3"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9EFF66-7D5E-4E2B-AA8C-B75E4EACF6CD"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F33CA6D5-3BE7-4385-B67D-D983DFD0CBC5"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "031729AF-F9E6-479D-90FE-FA7C1E33104F"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9F8B080-BF55-4B31-B122-6F3C64C75ADD"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCAA7878-70CE-470C-8889-CB13A71FC2ED"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0293F82-7BA9-4608-96B7-CCED9A98313C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References