GCVE - cpe:2.3:a:cloudera:data_science_workbench:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cloudera:data_science_workbench:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Cloudera (`0dd05bd6-3317-576d-8018-22703a842a4f`)
Product	Data Science Workbench (`8d5901f4-14d6-5e72-b927-d30d8fe320e3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-20091`	vulnerable	2026-06-03 14:38:38.582211	Details available An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs. Published: 2019-06-07T15:50:36.000Z Updated: 2024-08-05T11:51:19.275Z Open on db.gcve.eu Reference links https://www.cloudera.com/products/data-science-and-engineering/data-science-workbench.html https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-20090`	vulnerable	2026-06-03 14:38:38.581793	Details available An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. Published: 2019-11-26T15:18:48.000Z Updated: 2024-08-05T11:51:18.956Z Open on db.gcve.eu Reference links https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-15665`	vulnerable	2026-06-03 14:38:14.166417	Details available An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. Published: 2019-06-21T14:18:37.000Z Updated: 2024-08-05T10:01:54.431Z Open on db.gcve.eu Reference links https://www.cloudera.com https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11215`	vulnerable	2026-06-03 14:38:00.991790	Details available Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. Published: 2019-07-03T15:46:08.000Z Updated: 2024-08-05T08:01:52.360Z Open on db.gcve.eu Reference links https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-15536`	vulnerable	2026-06-03 14:36:46.397709	Details available An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables. Published: 2018-02-05T03:00:00.000Z Updated: 2024-08-05T19:57:26.340Z Open on db.gcve.eu Reference links https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_248	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.