Known Issues in Cloudera Manager 7.4.0

Known issues in CM 7.4.0

Cloudera Bug: OPSAPS-59148: Hive on Tez service is marked as stale after Cloudera Manager upgrade
After upgrading Cloudera Manager, Hive On Tez will be marked as stale.
Workaround: If you are affected by this bug, at your next opportunity, restart Hive On Tez. The configuration parameter that will be marked stale is: tez.runtime.shuffle.ssl.enable.

Technical Service Bulletins

TSB 2021-491: Authorization Bypass in Cloudera Manager (CVE-2021-30132/CVE-2021-32483
Cloudera Manager (CM) 7.4.0 and earlier versions have incorrect Access Control in place for certain endpoints. A user who has a knowledge to the direct path of a resource or a URL to call a particular function, can access it without having the proper role granted. The vulnerable endpoints were CVE-2021-30132 /cmf/alerts/config?task= and CVE-2021-32483 /cmf/views/view?viewName=.
CVE
Impact
A user with read only privilege is able to see configuration information in the UI.
Action required
Upgrade to a version containing the fix.
Knowledge article
For the latest update on this issue see the corresponding Knowledge article: TSB 2021-491: Authorization Bypass in Cloudera Manager (CVE-2021-30132 / CVE-2021-32483)