CVE-2018-17860

EUVD-2018-9602
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
clouderacdh
5.0.0 ≤
𝑥
≤ 5.14.0
clouderacdh
5.15.0
clouderacdh
5.15.1
clouderacdh
6.0.0
clouderacdh
6.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb
https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop
https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb
https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop