CVE-2017-9326, CVE-2017-9327 to Cloudera Manager
NOTE: the affected package isn't identified
https://mvnrepository.com/artifact/com.cloudera.api/cloudera-manager-api
https://repository.cloudera.com/artifactory/cloudera-repos/
Keystore password for Spark History Server not properly secured
The keystore password for the Spark History Server may be exposed in unsecured files under the
/var/run/cloudera-scm-agent
directory managed by Cloudera Manager. The keystore file itself is not exposed.
- https://nvd.nist.gov/vuln/detail/CVE-2017-9326
- https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-237
Sensitive data of processes managed by Cloudera Manager are not secured by file permissions
Secret data of processes managed by CM is not secured by file permissions.
Edited by Fabien Catteau