https://community.cloudera.com/t5/Support-Questions/CVE-2025-3884-Cloudera-Hue-Directory-Traversal-Information/m-p/407820#M252639 <P><SPAN>Our team is actively investigating the reported CVE. After internal discussions, we'd like to clarify that the custom Ace fork is a developer-only tool located in the tools folder. It is not included in production builds or used at runtime, so any issues in it do not impact Hue or pose a security risk. However, we will reconfirm on this and keep you updated.</SPAN></P> Fri, 02 May 2025 17:16:10 GMT jzumbado 2025-05-02T17:16:10Z https://community.cloudera.com/t5/Support-Questions/CVE-2025-3884-Cloudera-Hue-Directory-Traversal-Information/m-p/407367#M252633 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/27805">@Cloudera</a>&nbsp;<SPAN>We have received below mentioned vulnerability from our security team. Could you please check and let us know if our Hadoop cluster is impacted by this vulnerability.</SPAN><BR /><SPAN>If yes the can you please provide a fix for this.</SPAN><BR /><BR /><SPAN>CVE-2025-3884 &nbsp; &nbsp; Cloudera Hue Directory Traversal Information Disclosure Vulnerability </SPAN><BR /><BR /><SPAN>CM version &nbsp; : &nbsp;Cloudera Enterprise 6.3.4 (#21561749)</SPAN><BR /><SPAN>CDH Version : &nbsp;6.3.4-1.cdh6.3.4.p5552.32087246</SPAN></P> Thu, 01 May 2025 11:06:49 GMT https://community.cloudera.com/t5/Support-Questions/CVE-2025-3884-Cloudera-Hue-Directory-Traversal-Information/m-p/407367#M252633 Shivakuk 2025-05-01T11:06:49Z https://community.cloudera.com/t5/Support-Questions/CVE-2025-3884-Cloudera-Hue-Directory-Traversal-Information/m-p/407820#M252639 <P><SPAN>Our team is actively investigating the reported CVE. After internal discussions, we'd like to clarify that the custom Ace fork is a developer-only tool located in the tools folder. It is not included in production builds or used at runtime, so any issues in it do not impact Hue or pose a security risk. However, we will reconfirm on this and keep you updated.</SPAN></P> Fri, 02 May 2025 17:16:10 GMT https://community.cloudera.com/t5/Support-Questions/CVE-2025-3884-Cloudera-Hue-Directory-Traversal-Information/m-p/407820#M252639 jzumbado 2025-05-02T17:16:10Z https://community.cloudera.com/t5/Support-Questions/CVE-2025-3884-Cloudera-Hue-Directory-Traversal-Information/m-p/407859#M252640 <P>Hi,</P><P>&nbsp;</P><P>Thanks for the details. Sure, please keep me updated on this. This seems critical to my security team.</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 04 May 2025 10:04:05 GMT https://community.cloudera.com/t5/Support-Questions/CVE-2025-3884-Cloudera-Hue-Directory-Traversal-Information/m-p/407859#M252640 Shivakuk 2025-05-04T10:04:05Z