HDP-2.3.4 Release Notes

Common Vulnerabilities and Exposures

Important

Hortonworks strongly recommends that all users running HDP 2.3.4 upgrade to HDP 2.3.4.7.

  • CVE-2016-0733: Ranger Admin authentication issue

    Severity: Important

    Vendor: Hortonworks

    Versions Affected: All HDP 2.3.x releases prior to 2.3.4

    Users Affected: All users of the Ranger policy admin tool.

    Impact: See BUG-50669 and RANGER-835. Malicious users can gain access to the Ranger admin UI without proper authentication.

    Recommended Action: Upgrade to 2.3.4.x+ or HDP 2.4.0+.

  • CVE-2015-5167: Restrict REST API data access for non-admin users

    Severity: Important

    Vendor: Hortonworks

    Versions Affected: All HDP 2.3.x releases prior to 2.3.4

    Users Affected: All users of the Ranger policy admin tool.

    Impact: See BUG-41604 and RANGER-630. Data access restrictions via the REST API are not consistent with the restrictions in the policy admin UI.

    Recommended Action: Upgrade to 2.3.4.x+ or HDP 2.4.0+.