CVE-2017-15536

{"id": "CVE-2017-15536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-02-05T03:29:00.220", "references": [{"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_248", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_248", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables."}, {"lang": "es", "value": "Se ha descubierto un problema en Cloudera Data Science Workbench (CDSW) en versiones 1.x anteriores a la 1.2.0. Varias vulnerabilidades de aplicaci\u00f3n web permiten que usuarios autenticados maliciosos de CDSW escalen sus privilegios en la aplicaci\u00f3n. Los usuarios de CDSW pueden explotar estas vulnerabilidades conjuntamente para obtener acceso root a los nodos CDSW, obtener acceso a la base de datos de la aplicaci\u00f3n (que incluye keytabs de Kerberos de los usuarios de CDSW y contrase\u00f1as bcrypt hasheadas) y obtener acceso a otra informaci\u00f3n privilegiada como los tokens de sesi\u00f3n, tokens de invitaci\u00f3n o variables de entorno."}], "lastModified": "2024-11-21T03:14:44.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudera:data_science_workbench:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FADA5325-628E-416F-963B-BC7CAC74BE2E", "versionEndExcluding": "1.2.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}