CVE-2013-6446

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
clouderacdh
4.0.0
clouderacdh
4.0.1
clouderacdh
4.1.0
clouderacdh
4.1.1
clouderacdh
4.1.2
clouderacdh
4.1.3
clouderacdh
4.1.4
clouderacdh
4.1.5
clouderacdh
4.2.0
clouderacdh
4.2.1
clouderacdh
4.2.2
clouderacdh
4.3.0
clouderacdh
4.3.1
clouderacdh
4.3.2
clouderacdh
4.4.0
clouderacdh
4.5.0
clouderacdh
5.0.0:beta
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97068
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n
http://www.securityfocus.com/bid/97068
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n