Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise

Advanced Search

Solved

Contributor

Our vulnerability scanning found these two vulnerabilities on our CDP Private Cloud 7.1.7-SP1, CVE-2022-22970 and CVE-2022-22971. There are several versions of spring-core in the parcel, none of which are the recommended version:

./jars/spring-core-4.3.29.RELEASE.jar
./jars/spring-core-5.2.18.RELEASE.jar
./jars/spring-core-5.3.10.jar
./jars/spring-core-5.3.12.jar
./jars/spring-core-5.3.13.jar
./jars/spring-core-5.3.4.jar

Is CDP vulnerable to these vulnerabilities?

https://tanzu.vmware.com/security/cve-2022-22970

https://tanzu.vmware.com/security/cve-2022-22971

1,459 Views

1 ACCEPTED SOLUTION

Rising Star

Hello @loubershad,

Current available GA versions of CDP does not have the fix included for the mentioned CVE (CVE-2022-22970 and CVE-2022-22971)

However, it is currently planned and should be available with upcoming release of CDP

Thank you!

View solution in original post

1,432 Views

1 REPLY 1

Rising Star

Hello @loubershad,

Current available GA versions of CDP does not have the fix included for the mentioned CVE (CVE-2022-22970 and CVE-2022-22971)

However, it is currently planned and should be available with upcoming release of CDP

Thank you!

1,433 Views

Announcements

What's New @ Cloudera

[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...

What's New @ Cloudera

[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...

Community Announcements

February 2025 Community Highlights

What's New @ Cloudera

3 Benefits of External IDE Connectivity, Now Available in Cl...

What's New @ Cloudera

Performance comparison of Spark3 on YARN with S3 Standard VS...