Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2 Incorrect Default Permissions Vulnerability

Summary

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2.

Credit:

The information has been provided by Che-Yuan Liang.

The original article can be found at: https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351

Details

Authenticated users can bypass project permission checks and gain read-write access to any project folder.

Vulnerable Systems:

Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2

CVE Information:

CVE-2018-20090

Disclosure Timeline:
Published Date: 11/26/2019