First published: Wed Jul 03 2019
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudera CDH | <=5.8.0 | |
Cloudera CDH | >=5.8.2, <=5.9.2 | |
Cloudera CDH | >=5.10.0, <=5.10.1 | |
Cloudera CDH | >=5.11.0, <=5.11.1 | |
CVE-2017-9325 is a vulnerability that affects Cloudera CDH versions 5.8.0 to 5.11.1 and allows unauthorized access to the /update/json/docs endpoint.
CVE-2017-9325 allows attackers to bypass Sentry authorization and gain unauthorized access to the /update/json/docs endpoint.
CVE-2017-9325 has a severity level of high (7.5) due to its potential for unauthorized access.
To fix CVE-2017-9325, Cloudera CDH users should upgrade to a version that includes the necessary security patches.
You can find more information about CVE-2017-9325 in Cloudera's security bulletin: [link here](https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html)