Your browser is out of date!

Update your browser to view this website correctly. Update my browser now

×

Cloudera Security Response Team

The Cloudera Security Response Team provides a single point of contact for customers and the community to report and provide information on security vulnerabilities in Cloudera products. The team works internally with Cloudera's Engineering and Support organizations as well as the external Apache community to identify, fix, and communicate security vulnerabilities in all Cloudera products.

Cloudera Security Bulletins

Current known security issues for CM and CDH can be found in the Cloudera Security Bulletin.

Bug Bounty Policy

Cloudera does not currently offer a Bug Bounty for any product or website vulnerabilities.

How to report a vulnerability

Cloudera strongly encourages customers and the community to report security vulnerabilities to our Security Response Team before disclosing them in a public forum. Please email security@cloudera.com to report a vulnerability. Be sure to include details on the version of software you are using and the hardware that it's running on. For any vulnerabilities found on www.cloudera.com or affiliated websites please include the full URL of the site/page where the vulnerability can be reproduced.

To submit your report securely to Cloudera, please use the the PGP key below.

KEY FINGERPRINT

pub  1024D/F19F2913
 


PGP PUBLIC KEY BLOCK

Version: GnuPG v1.4.5 (GNU/Linux)

Download or copy and paste the key below

Information on known vulnerabilities and issues

All known vulnerabilities are listed in the Cloudera Security Bulletin and in the release notes for the product and version where they are fixed. In addition, all Cloudera vulnerabilities are reported to the National Vulnerability Database and have an assigned CVE number.