Release Notes

Issues Fixed in Cloudera Data Science Workbench 1.3.1

The current release of Cloudera Data Science Workbench includes fixes for bugs.

A configuration issue in Kubernetes, as used by Cloudera Data Science Workbench (CDSW), can allow remote command execution and privilege escalation in CDSW. A separate information-permissions issue can expose the LDAP bind password to authenticated CDSW users when LDAP bind search is enabled.

Products affected: Cloudera Data Science Workbench

Releases affected: Cloudera Data Science Workbench 1.3.0 (and lower)

Users affected: All users of Cloudera Data Science Workbench 1.3.0 (and lower)

Date/time of detection: May 16, 2018

Severity (Low/Medium/High): High

Impact: Remote command execution and information disclosure

CVE: CVE-2018-11215

Immediate action required: Upgrade to the latest version of Cloudera Data Science Workbench (1.3.1 or higher) and change the LDAP bind password if previously configured in Cloudera Data Science Workbench.

Addressed in release/refresh/patch: Cloudera Data Science Workbench 1.3.1 (and higher)

For the latest update on this issue, see the corresponding Knowledge Base article:

TSB: 2018-313: Remote Command Execution and Information

  • Fixed an issue where CSD installations would fail to recognize Oracle Linux 7.3 as a supported operating system.

    Cloudera Bug: DSE-3257

  • Fixed several usability issues (file create, save, and so on) with Internet Explorer 11.

    Cloudera Bug: DSE-3426, DSE-3434

  • Fixed a SAML 2.0 configuration issue where uploading the identity provider metadata XML file did not correctly update the identity provider signing certificate and/or SSO URL on Cloudera Data Science Workbench.

    Cloudera Bug: DSE-3265

  • Fixed an issue where the owner of a console output could not view their own shared consoles from sessions/job runs when sharing with Specific user/team.

    Cloudera Bug: DSE-3143

  • Fixed an issue with missing connectors in the Jobs dependency chart.

    Cloudera Bug: DSE-3185