Known Issues in Cloudera Manager 7.4.0
Known issues in CM 7.4.0
- Cloudera Bug: OPSAPS-59148: Hive on Tez service is marked as stale after Cloudera Manager upgrade
- After upgrading Cloudera Manager, Hive On Tez will be marked as stale.
Technical Service Bulletin
- TSB 2021-491: Authorization Bypass in Cloudera Manager (CVE-2021-30132/CVE-2021-32483)
- Cloudera Manager (CM) 7.4.0 and earlier versions have incorrect Access Control in place for certain endpoints. A user who has a knowledge to the direct path of a resource or a URL to call a particular function, can access it without having the proper role granted. The vulnerable endpoints were CVE-2021-30132 /cmf/alerts/config?task= and CVE-2021-32483 /cmf/views/view?viewName=.
- CVE
-
- CVE-2021-30132
- Alerts config - 4.3 (Medium)
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CVE-2021-32483
- Views - 4.3 (Medium)
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CVE-2021-30132
- Impact
- A user with read only privilege is able to see configuration information in the UI.
- Action required
- Upgrade to a version containing the fix.
- Knowledge article
- For the latest update on this issue see the corresponding Knowledge article: TSB 2021-491: Authorization Bypass in Cloudera Manager (CVE-2021-30132 / CVE-2021-32483)