Vulnerability Description
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudera | Data Science Workbench | >= 1.0.0, < 1.2.0 |
Related Weaknesses (CWE)
References
- https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Vendor Advisory
- https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Vendor Advisory
FAQ
What is CVE-2017-15536?
CVE-2017-15536 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. ...
How severe is CVE-2017-15536?
CVE-2017-15536 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15536?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudera Data Science Workbench.