Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.
References
Configurations
Configuration 1 (hide)
|
History
10 Nov 2021, 16:23
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833 - Vendor Advisory | |
References | (MISC) https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CPE | cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:* | |
CWE | CWE-79 |
08 Nov 2021, 13:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-08 13:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-32482
Mitre link : CVE-2021-32482
CVE.ORG link : CVE-2021-32482
JSON object : View
Products Affected
cloudera
- cloudera_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')