CVE-2013-6446

EUVD-2013-6253
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
clouderacdh
4.0.0
clouderacdh
4.0.1
clouderacdh
4.1.0
clouderacdh
4.1.1
clouderacdh
4.1.2
clouderacdh
4.1.3
clouderacdh
4.1.4
clouderacdh
4.1.5
clouderacdh
4.2.0
clouderacdh
4.2.1
clouderacdh
4.2.2
clouderacdh
4.3.0
clouderacdh
4.3.1
clouderacdh
4.3.2
clouderacdh
4.4.0
clouderacdh
4.5.0
clouderacdh
5.0.0:beta
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97068
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n
http://www.securityfocus.com/bid/97068
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n