Cross-Site Scripting Vulnerability in Cloudera Hue Product
CVE-2021-29994

6.1MEDIUM

Key Information:

Vendor

Cloudera

Status
Hue
Vendor
CVE Published:
8 November 2021

What is CVE-2021-29994?

Cloudera Hue 4.6.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability, which could allow attackers to inject malicious scripts into web pages viewed by users. An exploited vulnerability may pose significant risks to user data and application integrity, emphasizing the need for prompt updates and security measures. Users and administrators are recommended to review their configurations and apply necessary patches to protect against potential exploitation.

References

https://github.com/cloudera/hue
x_refsource_MISC
https://docs.cloudera.com/documentation/other/security-bu...
x_refsource_CONFIRM
https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-H...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.