Known Issues in Hue
This topic describes known issues and workarounds for using Hue in this release of Cloudera Runtime.
- CDPD-3501: Hue-Atlas configuration information is missing on Data Mart clusters.
- Problem: The configuration file
hive-conf%2Fatlas-application.properties
is missing on Data Mart clusters because Apache Hive is not installed. This properties file is needed for the Hue integration with Apache Atlas.
Technical Service Bulletins
- TSB 2021-487: Cloudera Hue is vulnerable to Cross-Site Scripting attacks
-
Multiple Cross-Site Scripting (XSS) vulnerabilities of Cloudera Hue have been found. They allow JavaScript code injection and execution in the application context.
- CVE-2021-29994 - The Add Description field in the Table schema browser does not sanitize user inputs as expected.
- CVE-2021-32480 - Default Home direct button in Filebrowser is also susceptible to XSS attack.
- CVE-2021-32481 - The Error snippet dialog of the Hue UI does not sanitize user inputs.
- Knowledge article
- For the latest update on this issue see the corresponding Knowledge article: TSB 2021-487: Cloudera Hue is vulnerable to Cross-Site Scripting attacks (CVE-2021-29994, CVE-2021-32480, CVE-2021-32481)