The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.

Name | Vendor | Start Version | End Version |
---|---|---|---|
CDH | Cloudera | 4.0.0 (including) | 4.0.0 (including) |
CDH | Cloudera | 4.0.1 (including) | 4.0.1 (including) |
CDH | Cloudera | 4.1.0 (including) | 4.1.0 (including) |
CDH | Cloudera | 4.1.1 (including) | 4.1.1 (including) |
CDH | Cloudera | 4.1.2 (including) | 4.1.2 (including) |
CDH | Cloudera | 4.1.3 (including) | 4.1.3 (including) |
CDH | Cloudera | 4.1.4 (including) | 4.1.4 (including) |
CDH | Cloudera | 4.1.5 (including) | 4.1.5 (including) |
CDH | Cloudera | 4.2.0 (including) | 4.2.0 (including) |
CDH | Cloudera | 4.2.1 (including) | 4.2.1 (including) |
CDH | Cloudera | 4.2.2 (including) | 4.2.2 (including) |
CDH | Cloudera | 4.3.0 (including) | 4.3.0 (including) |
CDH | Cloudera | 4.3.1 (including) | 4.3.1 (including) |
CDH | Cloudera | 4.3.2 (including) | 4.3.2 (including) |
CDH | Cloudera | 4.4.0 (including) | 4.4.0 (including) |
CDH | Cloudera | 4.5.0 (including) | 4.5.0 (including) |
CDH | Cloudera | 5.0.0-beta (including) | 5.0.0-beta (including) |