CVE-2012-2230

Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574.

Published: Apr 12, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2230
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
cloudera / cloudera_manager	3.7.2	3.7.2.x
cloudera / cloudera_manager	3.7.4	3.7.4.x
cloudera / cloudera_manager	3.7.1	3.7.1.x
cloudera / cloudera_manager	3.7.3	3.7.3.x
cloudera / cloudera_manager	3.7.0	3.7.0.x
cloudera / cloudera_service_and_configuration_manager	3.5	3.5.x

http://secunia.com/advisories/48776
https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin
https://exchange.xforce.ibmcloud.com/vulnerabilities/74823

Vulnerability Database

289,782

CVE-2012-2230