Remote Authentication Vulnerability in Cloudera Manager and Service Manager
CVE-2012-2230

Currently unrated

Key Information:

Vendor: Cloudera
Status: Cloudera Manager
Vendor: CVE Published:; 12 April 2012

What is CVE-2012-2230?

The vulnerability affects Cloudera Manager versions 3.7.x prior to 3.7.5 and Service and Configuration Manager 3.5 when Kerberos is not enabled. It involves improper installation of taskcontroller.cfg, enabling remote authenticated users to potentially impersonate arbitrary user accounts through unspecified methods, leading to unauthorized access. This represents a serious concern for system integrity if left unaddressed.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/74823

vdb-entryx_refsource_XF

http://secunia.com/advisories/48776

third-party-advisoryx_refsource_SECUNIA

https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bu...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2012
Vulnerability Reserved
Apr 12, 2012