Skip to main content

Incorrect Default Permissions

CVE-2018-20090

Severity High
Score 8.3/10

Summary

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • LOW

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

  • Published