CVE-2014-8733

low

Published 2015-02-10 · Modified 2026-05-06

CVSS v3

—

CVSS v2

2.1

VIR risk

2.1

Description

Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.cloudera.com/content/cloudera/en/documentation/security-bulletins/Security-Bulletin/csb_topic_2.html

Application impact

Vendor	Product	Versions
cloudera	cloudera_manager	`5.2.0`
cloudera	cloudera_manager	`5.2.1`
cloudera	cloudera_manager	`5.3.0`

References

http://www.cloudera.com/content/cloudera/en/documentation/security-bulletins/Security-Bulletin/csb_topic_2.html
http://www.cloudera.com/content/cloudera/en/documentation/security-bulletins/Security-Bulletin/csb_topic_2.html

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.