Search criteria
18 vulnerabilities found for hue by cloudera
FKIE_CVE-2025-3884
Vulnerability from fkie_nvd - Published: 2025-05-22 01:15 - Updated: 2025-08-15 16:40
Severity ?
Summary
Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332.
References
| URL | Tags | ||
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-250/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:hue:4.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D4E1379-117C-476A-A284-8C0B2F5AD20C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Directory Traversal en Cloudera Hue Ace Editor. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Cloudera Hue. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en la aplicaci\u00f3n web Ace Editor. El problema se debe a la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones con archivos. Un atacante puede aprovechar esta vulnerabilidad para divulgar informaci\u00f3n en el contexto de la cuenta de servicio. Era ZDI-CAN-24332."
}
],
"id": "CVE-2025-3884",
"lastModified": "2025-08-15T16:40:19.593",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2025-05-22T01:15:54.180",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-250/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32481
Vulnerability from fkie_nvd - Published: 2021-11-08 13:15 - Updated: 2024-11-21 06:07
Severity ?
Summary
Cloudera Hue 4.6.0 allows XSS via the type parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:hue:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3140B4A4-0051-4F39-BFD5-14C144372364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue 4.6.0 allows XSS via the type parameter."
},
{
"lang": "es",
"value": "Cloudera Hue versi\u00f3n 4.6.0, permite un ataque de tipo XSS por medio del par\u00e1metro type"
}
],
"id": "CVE-2021-32481",
"lastModified": "2024-11-21T06:07:07.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-08T13:15:07.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29994
Vulnerability from fkie_nvd - Published: 2021-11-08 13:15 - Updated: 2024-11-21 06:02
Severity ?
Summary
Cloudera Hue 4.6.0 allows XSS.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:hue:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3140B4A4-0051-4F39-BFD5-14C144372364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue 4.6.0 allows XSS."
},
{
"lang": "es",
"value": "Cloudera Hue versi\u00f3n 4.6.0, permite un ataque de tipo XSS"
}
],
"id": "CVE-2021-29994",
"lastModified": "2024-11-21T06:02:07.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-08T13:15:07.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cloudera/hue"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cloudera/hue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8094
Vulnerability from fkie_nvd - Published: 2018-05-22 18:29 - Updated: 2024-11-21 02:38
Severity ?
Summary
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/cloudera/hue/pull/346 | Third Party Advisory | |
| cve@mitre.org | https://issues.cloudera.org/browse/HUE-3626 | Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://www.harmfultrust.com/p/advisories.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cloudera/hue/pull/346 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.cloudera.org/browse/HUE-3626 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.harmfultrust.com/p/advisories.html | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6548FD55-1E53-45BA-ADE4-F86744B223EC",
"versionEndExcluding": "3.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redirecci\u00f3n abierta en Cloudera HUE en versiones anteriores a la 3.10.0 permite que los atacantes remotos redirijan a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante una URL en el par\u00e1metro next."
}
],
"id": "CVE-2015-8094",
"lastModified": "2024-11-21T02:38:00.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-22T18:29:00.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cloudera/hue/pull/346"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.cloudera.org/browse/HUE-3626"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.harmfultrust.com/p/advisories.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cloudera/hue/pull/346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.cloudera.org/browse/HUE-3626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.harmfultrust.com/p/advisories.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-4947
Vulnerability from fkie_nvd - Published: 2017-03-07 16:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E538AE2C-4469-4505-AEDD-D9AED3726698",
"versionEndIncluding": "3.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete."
},
{
"lang": "es",
"value": "Cloudera HUE 3.9.0 y versiones anteriores permite a atacantes remotos enumerar cuentas de usuario a trav\u00e9s de una petici\u00f3n a desktop/api/users/autocomplete."
}
],
"id": "CVE-2016-4947",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-07T16:59:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/93880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93880"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-4946
Vulnerability from fkie_nvd - Published: 2017-03-07 16:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E538AE2C-4469-4505-AEDD-D9AED3726698",
"versionEndIncluding": "3.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Cloudera HUE 3.9.0 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo (1) Nombre o (2) Apellido en la p\u00e1gina de usuarios HUE."
}
],
"id": "CVE-2016-4946",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-07T16:59:00.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/93881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93881"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-3884 (GCVE-0-2025-3884)
Vulnerability from cvelistv5 – Published: 2025-05-22 00:49 – Updated: 2025-05-22 15:53
VLAI?
Summary
Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T15:48:57.673775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T15:53:37.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Hue",
"vendor": "Cloudera",
"versions": [
{
"status": "affected",
"version": "4.11.0"
}
]
}
],
"dateAssigned": "2025-04-22T21:43:17.279Z",
"datePublic": "2025-04-24T00:14:14.309Z",
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T00:49:29.032Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-250",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-250/"
}
],
"source": {
"lang": "en",
"value": "Hamidreza Hamidi and Jafar Akhoundali"
},
"title": "Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-3884",
"datePublished": "2025-05-22T00:49:29.032Z",
"dateReserved": "2025-04-22T21:43:17.238Z",
"dateUpdated": "2025-05-22T15:53:37.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29994 (GCVE-0-2021-29994)
Vulnerability from cvelistv5 – Published: 2021-11-08 12:30 – Updated: 2024-08-03 22:24
VLAI?
Summary
Cloudera Hue 4.6.0 allows XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cloudera/hue"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue 4.6.0 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T12:30:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cloudera/hue"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera Hue 4.6.0 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cloudera/hue",
"refsource": "MISC",
"url": "https://github.com/cloudera/hue"
},
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html",
"refsource": "CONFIRM",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"name": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634",
"refsource": "CONFIRM",
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29994",
"datePublished": "2021-11-08T12:30:39",
"dateReserved": "2021-04-02T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32481 (GCVE-0-2021-32481)
Vulnerability from cvelistv5 – Published: 2021-11-08 12:21 – Updated: 2024-08-03 23:17
VLAI?
Summary
Cloudera Hue 4.6.0 allows XSS via the type parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue 4.6.0 allows XSS via the type parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T12:21:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera Hue 4.6.0 allows XSS via the type parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"name": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634",
"refsource": "CONFIRM",
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32481",
"datePublished": "2021-11-08T12:21:35",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-08-03T23:17:29.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8094 (GCVE-0-2015-8094)
Vulnerability from cvelistv5 – Published: 2018-05-22 18:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.cloudera.org/browse/HUE-3626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudera/hue/pull/346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.harmfultrust.com/p/advisories.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.cloudera.org/browse/HUE-3626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudera/hue/pull/346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.harmfultrust.com/p/advisories.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.cloudera.org/browse/HUE-3626",
"refsource": "CONFIRM",
"url": "https://issues.cloudera.org/browse/HUE-3626"
},
{
"name": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html",
"refsource": "CONFIRM",
"url": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html"
},
{
"name": "https://github.com/cloudera/hue/pull/346",
"refsource": "CONFIRM",
"url": "https://github.com/cloudera/hue/pull/346"
},
{
"name": "https://www.harmfultrust.com/p/advisories.html",
"refsource": "MISC",
"url": "https://www.harmfultrust.com/p/advisories.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8094",
"datePublished": "2018-05-22T18:00:00",
"dateReserved": "2015-11-09T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4947 (GCVE-0-2016-4947)
Vulnerability from cvelistv5 – Published: 2017-03-07 16:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"name": "93880",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-08T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"name": "93880",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf",
"refsource": "MISC",
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"name": "93880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4947",
"datePublished": "2017-03-07T16:00:00",
"dateReserved": "2016-05-20T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4946 (GCVE-0-2016-4946)
Vulnerability from cvelistv5 – Published: 2017-03-07 16:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93881",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93881"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-08T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "93881",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93881"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93881"
},
{
"name": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf",
"refsource": "MISC",
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4946",
"datePublished": "2017-03-07T16:00:00",
"dateReserved": "2016-05-20T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3884 (GCVE-0-2025-3884)
Vulnerability from nvd – Published: 2025-05-22 00:49 – Updated: 2025-05-22 15:53
VLAI?
Summary
Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T15:48:57.673775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T15:53:37.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Hue",
"vendor": "Cloudera",
"versions": [
{
"status": "affected",
"version": "4.11.0"
}
]
}
],
"dateAssigned": "2025-04-22T21:43:17.279Z",
"datePublic": "2025-04-24T00:14:14.309Z",
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T00:49:29.032Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-250",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-250/"
}
],
"source": {
"lang": "en",
"value": "Hamidreza Hamidi and Jafar Akhoundali"
},
"title": "Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-3884",
"datePublished": "2025-05-22T00:49:29.032Z",
"dateReserved": "2025-04-22T21:43:17.238Z",
"dateUpdated": "2025-05-22T15:53:37.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29994 (GCVE-0-2021-29994)
Vulnerability from nvd – Published: 2021-11-08 12:30 – Updated: 2024-08-03 22:24
VLAI?
Summary
Cloudera Hue 4.6.0 allows XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cloudera/hue"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue 4.6.0 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T12:30:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cloudera/hue"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera Hue 4.6.0 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cloudera/hue",
"refsource": "MISC",
"url": "https://github.com/cloudera/hue"
},
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html",
"refsource": "CONFIRM",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"name": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634",
"refsource": "CONFIRM",
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29994",
"datePublished": "2021-11-08T12:30:39",
"dateReserved": "2021-04-02T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32481 (GCVE-0-2021-32481)
Vulnerability from nvd – Published: 2021-11-08 12:21 – Updated: 2024-08-03 23:17
VLAI?
Summary
Cloudera Hue 4.6.0 allows XSS via the type parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Hue 4.6.0 allows XSS via the type parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T12:21:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera Hue 4.6.0 allows XSS via the type parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"name": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634",
"refsource": "CONFIRM",
"url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32481",
"datePublished": "2021-11-08T12:21:35",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-08-03T23:17:29.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8094 (GCVE-0-2015-8094)
Vulnerability from nvd – Published: 2018-05-22 18:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.cloudera.org/browse/HUE-3626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudera/hue/pull/346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.harmfultrust.com/p/advisories.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.cloudera.org/browse/HUE-3626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudera/hue/pull/346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.harmfultrust.com/p/advisories.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.cloudera.org/browse/HUE-3626",
"refsource": "CONFIRM",
"url": "https://issues.cloudera.org/browse/HUE-3626"
},
{
"name": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html",
"refsource": "CONFIRM",
"url": "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html"
},
{
"name": "https://github.com/cloudera/hue/pull/346",
"refsource": "CONFIRM",
"url": "https://github.com/cloudera/hue/pull/346"
},
{
"name": "https://www.harmfultrust.com/p/advisories.html",
"refsource": "MISC",
"url": "https://www.harmfultrust.com/p/advisories.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8094",
"datePublished": "2018-05-22T18:00:00",
"dateReserved": "2015-11-09T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4947 (GCVE-0-2016-4947)
Vulnerability from nvd – Published: 2017-03-07 16:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"name": "93880",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-08T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"name": "93880",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf",
"refsource": "MISC",
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
},
{
"name": "93880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4947",
"datePublished": "2017-03-07T16:00:00",
"dateReserved": "2016-05-20T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4946 (GCVE-0-2016-4946)
Vulnerability from nvd – Published: 2017-03-07 16:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93881",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93881"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-08T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "93881",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93881"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93881"
},
{
"name": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf",
"refsource": "MISC",
"url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4946",
"datePublished": "2017-03-07T16:00:00",
"dateReserved": "2016-05-20T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}