Known Issues in Cloudera Manager 7.0.0
This topic describes known issues and workarounds for Cloudera Manager.
- Stopping a cluster using Cloudera Manager loses connection to Cloudera Manager on next start
- Workaround: Do not use Cloudera Manager to stop a cluster.
Instead, stop the cluster from the Service page.
See: Stop a Cluster
- OPSAPS-50447 Health Test for Hive Metastore Server Canary fails to perform its task of checking HMS basic functionality (creating a database, table and partitions and then dropping them) and therefore reports bad health status in all cases.
- Workaround: Suppress the alert in Cloudera Manager.
- OPSAPS-51786: The default value for the Scheduled Diagnostic Data Collection Time configuration property contains a very old date. However, only the time portion is used to create this configuration.
- Workaround:When editing this property, enter any date (this will be ignored) and the time when you want diagnostic data collection to occur.
Technical Service Bulletin
- TSB 2021-491: Authorization Bypass in Cloudera Manager (CVE-2021-30132/CVE-2021-32483
- Cloudera Manager (CM) 7.4.0 and earlier versions have incorrect Access Control in place for certain endpoints. A user who has a knowledge to the direct path of a resource or a URL to call a particular function, can access it without having the proper role granted. The vulnerable endpoints were CVE-2021-30132 /cmf/alerts/config?task= and CVE-2021-32483 /cmf/views/view?viewName=.
- CVE
-
- CVE-2021-30132
- Alerts config - 4.3 (Medium)
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CVE-2021-32483
- Views - 4.3 (Medium)
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CVE-2021-30132
- Impact
- A user with read only privilege is able to see configuration information in the UI.
- Action required
- Upgrade to a version containing the fix.
- Knowledge article
- For the latest update on this issue see the corresponding Knowledge article: TSB 2021-491: Authorization Bypass in Cloudera Manager (CVE-2021-30132 / CVE-2021-32483)
