CVE-2015-2263
NONE3.3CVSS v3
2.1CVSS v2
0.04%
EPSS (exploit probability)
CWE-264CWE
Description
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.
CVSS v3 vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected routers (2)
| Vendor | Model | Matched via | Affected versions | Fixed in | Patch? |
|---|---|---|---|---|---|
| Ubiquiti | Ubiquiti EdgeRouter 4 | — |
— | — | No |
| Ubiquiti | Ubiquiti EdgeRouter X | — |
— | — | No |