Known Issues in Hue

This topic describes known issues and workarounds for using Hue in this release of Cloudera Runtime.

CDPD-3501: Hue-Atlas configuration information is missing on Data Mart clusters.
Problem: The configuration file hive-conf%2Fatlas-application.properties is missing on Data Mart clusters because Apache Hive is not installed. This properties file is needed for the Hue integration with Apache Atlas.
Workaround:
  1. Log in to the CDP web interface and navigate to the Data Hub service.
  2. On the Data Hub Clusters page, click the Data Mart cluster you want to work on.
  3. On the Data Mart cluster page, click the URL link to Cloudera Manager Info:

  4. On the Home page of Cloudera Manager, click the cluster name under Compute Clusters:

  5. In the cluster page in the Status column under Compute Cluster, Cloudera Runtime, click the link to Hue:

  6. On the Hue page, click the Configuration tab to view the configuration properties for Hue.
  7. In the search text box, type safety and press Enter to locate the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini, which appears at the top of the configuration parameters list.
  8. Append the following configuration information to the existing configuration information in the Safety Valve and click Save Changes:
    [metadata]
    [[catalog]]
    interface=atlas
    api_url=http://master0.cloudera.site:21000/api/atlas/
    kerberos_enabled=true
  9. Restart the Hue service for the configuration change to take effect.

Technical Service Bulletins

TSB 2021-487: Cloudera Hue is vulnerable to Cross-Site Scripting attacks

Multiple Cross-Site Scripting (XSS) vulnerabilities of Cloudera Hue have been found. They allow JavaScript code injection and execution in the application context.

  • CVE-2021-29994 - The Add Description field in the Table schema browser does not sanitize user inputs as expected.
  • CVE-2021-32480 - Default Home direct button in Filebrowser is also susceptible to XSS attack.
  • CVE-2021-32481 - The Error snippet dialog of the Hue UI does not sanitize user inputs.
Knowledge article
For the latest update on this issue see the corresponding Knowledge article: TSB 2021-487: Cloudera Hue is vulnerable to Cross-Site Scripting attacks (CVE-2021-29994, CVE-2021-32480, CVE-2021-32481)