Vulnerability Details:

CVE-2021-3167

Summary
Assigner: mitre
Assigner Org ID: 8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At: 15 Mar, 2021 | 15:06
Updated At: 03 Aug, 2024 | 16:45

In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: n/a
Product: n/a
Versions affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html
Resource: x_refsource_MISC
Hyperlink: https://my.cloudera.com/knowledge/TSB-2021-466-CDE-authentication-tokens-exposed-in-pod-and?id=310163
Resource: x_refsource_MISC
Hyperlink: https://docs.cloudera.com/data-engineering/cloud/release-notes/topics/cde-general-known-issues.html
Resource: x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html
Resource: x_refsource_MISC, x_transferred
Hyperlink: https://my.cloudera.com/knowledge/TSB-2021-466-CDE-authentication-tokens-exposed-in-pod-and?id=310163
Resource: x_refsource_MISC, x_transferred
Hyperlink: https://docs.cloudera.com/data-engineering/cloud/release-notes/topics/cde-general-known-issues.html
Resource: x_refsource_MISC, x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: cve@mitre.org
Published At: 15 Mar, 2021 | 16:15
Updated At: 28 Jun, 2022 | 14:11

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
cloudera >> data_engineering >> 1.3.0
cpe:2.3:a:cloudera:data_engineering:1.3.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-532
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: https://docs.cloudera.com/data-engineering/cloud/release-notes/topics/cde-general-known-issues.html
Source: cve@mitre.org
Resource: Vendor Advisory
Hyperlink: https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html
Source: cve@mitre.org
Resource: Vendor Advisory
Hyperlink: https://my.cloudera.com/knowledge/TSB-2021-466-CDE-authentication-tokens-exposed-in-pod-and?id=310163
Source: cve@mitre.org
Resource: Vendor Advisory


Similar CVEs

153 records found

CVE-2021-1226
Matching Score: 4
Assigner: Cisco Systems, Inc.
CVSS Score: 4.3 (MEDIUM)
EPSS: 0.22% / 45.12%
7 Day CHG: ~0.00%
Published: 13 Jan, 2021 | 21:16
Updated: 12 Nov, 2024 | 20:48
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Cisco Unified Communications Products Information Disclosure Vulnerability

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Action: Not Available
Vendor: Cisco Systems, Inc.
Product: unity_connection, unified_communications_manager, prime_license_manager, unified_communications_manager_im_\&_presence_service, emergency_responder, Cisco Emergency Responder
CWE ID: CWE-532 (Insertion of Sensitive Information into Log File)

CVE-2017-11134
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 6.5 (MEDIUM)
EPSS: 0.26% / 49.03%
7 Day CHG: ~0.00%
Published: 01 Aug, 2017 | 14:00
Updated: 20 Apr, 2025 | 01:37
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.

Action: Not Available
Vendor: stashcat, n/a
Product: heinekingmedia, n/a
CWE ID: CWE-532 (Insertion of Sensitive Information into Log File)

CVE-2020-3281
Matching Score: 4
Assigner: Cisco Systems, Inc.
CVSS Score: 4.3 (MEDIUM)
EPSS: 0.34% / 56.18%
7 Day CHG: ~0.00%
Published: 03 Jun, 2020 | 17:56
Updated: 15 Nov, 2024 | 17:10
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Cisco Digital Network Architecture Center Information Disclosure Vulnerability

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Action: Not Available
Vendor: Cisco Systems, Inc.
Product: digital_network_architecture_center, Cisco Digital Network Architecture Center (DNA Center)
CWE ID: CWE-532 (Insertion of Sensitive Information into Log File)