GCVE - cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Cloudera (`0dd05bd6-3317-576d-8018-22703a842a4f`)
Product	Cdh (`bd545f11-a142-568a-a090-8bfef83864aa`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/cloudera/cdh-package`	purl2cpe	2026-06-01 10:18:08.371134

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-17860`	vulnerable	2026-06-08 05:11:06.768956	Details available Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. Published: 2019-11-26T14:11:35.000Z Updated: 2024-08-05T10:54:10.985Z Open on db.gcve.eu Reference links https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-9325`	vulnerable	2026-06-08 05:10:09.693920	Details available The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. Published: 2019-07-03T16:23:05.000Z Updated: 2024-08-05T17:02:44.349Z Open on db.gcve.eu Reference links https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6353`	vulnerable	2026-06-08 05:07:59.667188	Details available Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. Published: 2019-11-26T13:48:22.000Z Updated: 2024-08-06T01:29:19.477Z Open on db.gcve.eu Reference links https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5724`	vulnerable	2026-06-08 05:07:57.583019	Details available Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles. Published: 2019-11-26T13:49:57.000Z Updated: 2024-08-06T01:08:00.559Z Open on db.gcve.eu Reference links https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3131`	vulnerable	2026-06-08 05:07:44.567560	Details available Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. Published: 2019-11-26T13:57:45.000Z Updated: 2024-08-05T23:47:57.273Z Open on db.gcve.eu Reference links https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7831`	vulnerable	2026-06-08 05:07:02.029173	Details available In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. Published: 2019-11-26T13:58:47.000Z Updated: 2024-08-06T07:58:59.923Z Open on db.gcve.eu Reference links https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.