Description
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 3.9.0
References
- GHSA-rxfp-8jmr-xc95
- 2016.hack.lu
- web.archive.org
- CVE-2016-4947
- CWE-200
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Related Issues
- [email protected] contains malware after npm account takeover - CVE-2025-59144
- chromedriver Downloads Resources over HTTP - CVE-2016-10579
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- Bootstrap Cross-site Scripting vulnerability (GHSA-4p24-vmcr-4gqj) - CVE-2016-10735
- Tags:
- npm
- gethue
Anything's wrong? Let us know Last updated on November 07, 2023