CVE-2017-15536
First published: Mon Feb 05 2018(Updated: )
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudera Data Science Workbench | >=1.0.0<1.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-15536?
CVE-2017-15536 is a vulnerability discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0 that allows malicious authenticated users to escalate privileges and gain root access to CDSW nodes.
What is the severity of CVE-2017-15536?
The severity of CVE-2017-15536 is high with a CVSS score of 8.8.
How do I fix CVE-2017-15536?
To fix CVE-2017-15536, upgrade your Cloudera Data Science Workbench (CDSW) to version 1.2.0 or later.
Are all versions of Cloudera Data Science Workbench affected by CVE-2017-15536?
No, only CDSW 1.x versions before 1.2.0 are affected by CVE-2017-15536.
What is the Common Weakness Enumeration (CWE) ID of CVE-2017-15536?
The CWE ID of CVE-2017-15536 is CWE-269.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/cloudera
- canonical/cloudera data science workbench
- version/cloudera data science workbench/1.0.0