Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

CVE-2025-3884     Cloudera Hue Directory Traversal Information Disclosure Vulnerability

Labels:
avatar
author-rank Shivakuk
Contributor

Created ‎05-01-2025 04:06 AM

@Cloudera We have received below mentioned vulnerability from our security team. Could you please check and let us know if our Hadoop cluster is impacted by this vulnerability.
If yes the can you please provide a fix for this.

CVE-2025-3884     Cloudera Hue Directory Traversal Information Disclosure Vulnerability

CM version   :  Cloudera Enterprise 6.3.4 (#21561749)
CDH Version :  6.3.4-1.cdh6.3.4.p5552.32087246

703 Views
0 Kudos
2 REPLIES 2

avatar
jzumbado author-rank
Cloudera Employee

Created ‎05-02-2025 10:16 AM

Our team is actively investigating the reported CVE. After internal discussions, we'd like to clarify that the custom Ace fork is a developer-only tool located in the tools folder. It is not included in production builds or used at runtime, so any issues in it do not impact Hue or pose a security risk. However, we will reconfirm on this and keep you updated.

668 Views
0 Kudos

avatar
author-rank Shivakuk
Contributor

Created ‎05-04-2025 03:04 AM

Hi,

 

Thanks for the details. Sure, please keep me updated on this. This seems critical to my security team.

 

 

638 Views
0 Kudos
Announcements
Community Announcements
July 2025 Community Highlights
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
Join Us at CommunityOverCode Asia 2025: Exploring the Future...
What's New @ Cloudera
Announcing Cloudera Surveyor with Cloudera Streams Messaging...
What's New @ Cloudera
Cloudera Data Engineering Adds Suspend and Resume, Git Integ...
View More Announcements