Issues Fixed in Cloudera Data Science Workbench 1.2.0
The current release of Cloudera Data Science Workbench includes the fixes described below.
Privilege Escalation and Database Exposure in Cloudera Data Science Workbench
Several web application vulnerabilities allowed malicious authenticated Cloudera Data Science Workbench (CDSW) users to escalate privileges in CDSW. In combination, such users could exploit these vulnerabilities to gain root access to CDSW hosts, gain access to the CDSW database (which includes Kerberos keytabs of CDSW users and bcrypt-hashed passwords), and obtain other privileged information such as session tokens, invitation tokens, and environment variables.
Products affected: Cloudera Data Science Workbench
Releases affected: Cloudera Data Science Workbench 1.0.0, 1.0.1, 1.1.0, 1.1.1
Users affected: All users of Cloudera Data Science Workbench 1.0.0, 1.0.1, 1.1.0, 1.1.1
Date/time of detection: September 1, 2017
Detected by: NCC Group
Severity (Low/Medium/High): High
Impact: Privilege escalation and database exposure.
CVE: CVE-2017-15536
Addressed in release/refresh/patch: Cloudera Data Science Workbench 1.2.0 or higher.
Immediate action required: Upgrade to the latest version of Cloudera Data Science Workbench.
Other Notable Fixed Issues in Cloudera Data Science Workbench 1.2.0
- Fixed an issue where the Workbench editor screen jumps unexpectedly when typing or scrolling.
- Fixed auto-scroll behavior in the Workbench console. This was a browser compatibility issue that affected Chrome and Firefox, but not Safari.
- Fixed an issue where, if a user logged out of Cloudera Data Science Workbench and logged back in as a different user, they might see a SecurityError message in the Workbench.
- Fixed an issue that was preventing site administrators from uploading the SAML metadata file.
- Fixed several issues related to plotting with matplotlib. If you have previously used any workarounds for plotting, you might consider removing them now.
- Engines now use the same build of the Kerberos utilities (ktutil, kinit, and klist) as the rest of Cloudera Data Science Workbench. This will improve the logs obtained from kinit and make debugging Kerberos issues easier.
- KRB5_TRACE output is now included in the error logs obtained when you run kinit.
- Fixed an issue that was affecting health checks in deployments using AWS Elastic Load Balancing.