CVE-2018-20091: SQL Injection
First published: Fri Jun 07 2019(Updated: )
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudera Data Science Workbench | >=1.4.0<=1.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2018-20091.
What is the severity level of CVE-2018-20091?
The severity level of CVE-2018-20091 is critical with a severity value of 9.9.
What is the affected software of CVE-2018-20091?
The affected software of CVE-2018-20091 is Cloudera Data Science Workbench (CDSW) versions 1.4.0 through 1.4.2.
What is the impact of CVE-2018-20091?
The vulnerability allows any authenticated user to run arbitrary queries against CDSW's internal database, potentially accessing user contact information and encrypted CDSW passwords.
Is there any fix or patch available for CVE-2018-20091?
Yes, Cloudera has released a security bulletin that provides details on how to fix the SQL injection vulnerability in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/cloudera
- canonical/cloudera data science workbench
- version/cloudera data science workbench/1.4.0
- version/cloudera data science workbench/1.4.2