Cross-Site Scripting Vulnerability in Cloudera Manager by Cloudera
CVE-2021-29243

6.1MEDIUM

Key Information:

Vendor: Cloudera
Status: Cloudera Manager
Vendor: CVE Published:; 8 November 2021

What is CVE-2021-29243?

Cloudera Manager versions 5.x to 7.3.x are susceptible to a Cross-Site Scripting (XSS) vulnerability that may allow attackers to execute arbitrary scripts in the context of a user's session. This flaw could potentially enable unauthorized actions or sensitive data exposure when users interact with the affected application. It's crucial for users and administrators of Cloudera Manager to apply the necessary security patches and updates to mitigate this risk.

References

https://docs.cloudera.com/documentation/other/security-bu...

x_refsource_MISC

https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-M...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2021
Vulnerability Reserved
Mar 25, 2021