Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.
References
Configurations
History
No history.
Information
Published : 2017-03-07 16:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-4949
Mitre link : CVE-2016-4949
CVE.ORG link : CVE-2016-4949
JSON object : View
Products Affected
cloudera
- manager
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor