CVE-2019-14449: XSS
First published: Tue Nov 26 2019(Updated: )
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudera Cloudera Manager | >=5.0.0<5.16.2 | |
| Cloudera Cloudera Manager | =6.0.0 | |
| Cloudera Cloudera Manager | =6.0.1 | |
| Cloudera Cloudera Manager | =6.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue in Cloudera Manager?
The vulnerability ID is CVE-2019-14449.
What is the severity rating of CVE-2019-14449?
CVE-2019-14449 has a severity rating of medium (5.4).
What is the description of this vulnerability?
The vulnerability allows malicious impala queries to result in Cross Site Scripting (XSS) when viewed within Cloudera Manager.
How does CVE-2019-14449 affect Cloudera Manager?
CVE-2019-14449 affects Cloudera Manager versions 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1.
How can I fix this vulnerability in Cloudera Manager?
To fix this vulnerability, you should upgrade your Cloudera Manager to version 5.16.2, 6.0.2, or 6.1.1.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cloudera
- canonical/cloudera cloudera manager
- version/cloudera cloudera manager/5.0.0
- version/cloudera cloudera manager/6.0.0
- version/cloudera cloudera manager/6.0.1
- version/cloudera cloudera manager/6.1.0