Description
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 3.9.0
References
- GHSA-rxfp-8jmr-xc95
- 2016.hack.lu
- web.archive.org
- CVE-2016-4947
- CWE-200
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Related Issues
- [email protected] contains malware after npm account takeover - CVE-2025-59144
- dalek-browser-chrome Downloads Resources over HTTP - CVE-2016-10604
- ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint - CVE-2026-33877
- Arbitrary Code Injection in pouchdb - CVE-2016-10546
You might also like:
- Tags:
- npm
- gethue
Anything's wrong? Let us know Last updated on November 07, 2023


