Your browser is out of date!

Update your browser to view this website correctly. Update my browser now

×

Cloudera Security Response Team

The Cloudera Security Response Team provides a single point of contact for customers and the community to report and provide information on security vulnerabilities in Cloudera products. The team works internally with Cloudera's Engineering and Support organizations as well as the external Apache community to identify, fix, and communicate security vulnerabilities in all Cloudera products.

Cloudera Security Bulletins

Current known security issues for CM and CDH can be found in the Cloudera Security Bulletin.

Bug Bounty Policy

Cloudera does not currently offer a Bug Bounty for any product or website vulnerabilities.

How to report a vulnerability

Cloudera strongly encourages customers and the community to report security vulnerabilities to our Security Response Team before disclosing them in a public forum. Please email security@cloudera.com to report a vulnerability. Be sure to include details on the version of software you are using and the hardware that it's running on. For any vulnerabilities found on www.cloudera.com or affiliated websites please include the full URL of the site/page where the vulnerability can be reproduced.

To submit your report securely to Cloudera, please use the the PGP key below.

Key fingerprint = 8580 CC90 E2A2 985B D68B  73C7 1B29 3F14 F19F 2913

pub  1024D/F19F2913

 

----- BEGIN PGP PUBLIC KEY BLOCK -----

Version: GnuPG v1.4.5 (GNU/Linux)

mQGiBFHEvxARBADQo6j8tG18XUuy0rdeNLFK9I2kR0U4MfJhc6GAjSWYGnJKDcfA

gjsChVr03VbN74cAm5OxVDR60fU3aTWSJ8BIKQ3wpkve6nx+McN4rjScBvnUBB1z

lFZ3x0f/2M2wIANnQ/C3Np1XH+NvoAlS5+T/5SDDYHr4D0lNw+irzfI6UwCg9C3/

dXT3IhS0QpXJEV2imfNWuCcD/1WtlSDYXAIAink3kgCIhybrSNVWuejky+UQPGtD

9qmu+M66fX/M/qJ7isUN3Ns8l/0Uy+LQg4aVds2IYyqUPvWyEqzhK4SaRjiI/gK0

DrA0IXW0tTwKx6J6AETFCVpztfJ2KK4SOfhbpffrzikep6H7jTcNBtEEMmuHF4d3

z34BA/90B5DxtWN19UA3o1FRDYmsyhdrohYwtqRubvDXQewDV6wGwOMtzs5glOuZ

+yvuzwiSkhDpqvLhG5G+vMy5ofdbpo/eSWv/89j09z5rHCwg0PVutFL+LSiRu0S4

9VMGszpB6Cy1fEhlYIXOlFloFtfGvMjZNklvkZlXJwWj1zeh3bQnQ2xvdWRlcmEs

IEluYy4gPHByb2FjdGl2ZUBjbG91ZGVyYS5jb20+iGAEExECACAFAlHEvxACGwMG

CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAbKT8U8Z8pE5OjAKDoRUIAvQLkNXyl

GqANWLbqU0mEaQCg7ZwRbP/wII2gkuWnB9htdCaWm9q5Ag0EUcS/ERAIAJiMxBy+

qxWs6t6px/jTqcZWx0iZEZ+1InJ7HK2XjMAdrFbt1eVKVfFXZUXAXDfGzzmy8oFn

cbl8uHLPRHjTwBdEKP7pHWSoEpSqrbTkU/SWhvkMlaJs0me+94AHxO7FXY9lcwO7

F0A1VAk74y5GgstxDbca611cK8lX+vRiK5sj7NobfHC5PrkUQpA94SbrXOq6ak8M

BJ1VM13hWDN5D2tpePZwb1I5XNiqrzaz9VjVdMgJWcrmCsaSVgpXOt/qYdpyCwgC

LTKz9uhWTcOOf9nxsZpGABryG5/AcCuwZpFZ4MU1xoE4m3AhhcagKtlhE5g8Vqdr

hI19EbV26QtbYQcAAwUH/RCj37fSirRcTF+vynoRc7z4x9vSPIdFAUmOMU5RWIWh

0pV4G61BJVi+tSnfFsUKzpvTAmd0mUPyoyltcfAaCeTvR7CLOejl7IHhLvMKTVs2

oDqnbLBrATXbILhjwxpMQ9ZlZseDySDmhPjO9KiQq82UMYulg/wnvnBgUFBAc4cH

gjnQiui0SmWG4J5pxwOiwByWAJyrUj7xFCLODcH+kH9cGL3zNPBmnLjHRfi7HCq1

D0rt9OrsAdNzuKkncUY6VtFLkH4gfSAQ2lqMbt/Ve9tkockwlgB630COIlk1ieTH

560ny8UtWUhYAxYJWE8WQaniam88QbOB8LX/w3J5CQWISQQYEQIACQUCUcS/EQIb

DAAKCRAbKT8U8Z8pE3bBAKDHTDmUbi3nEtuSCOqGDJE3jSiq9wCcDAtAqBjVfiJ4

KjsFTOdZK71ihnw=

=r4Om

----- END PGP PUBLIC KEY BLOCK -----

Information on known vulnerabilities and issues

All known vulnerabilities are listed in the Cloudera Security Bulletin and in the release notes for the product and version where they are fixed. In addition, all Cloudera vulnerabilities are reported to the National Vulnerability Database and have an assigned CVE number.