The Cloudera Security Response Team provides a single point of contact for customers and the community to report and provide information on security vulnerabilities in Cloudera products. The team works internally with Cloudera's Engineering and Support organizations as well as the external Apache community to identify, fix, and communicate security vulnerabilities in all Cloudera products.
Cloudera strongly encourages customers and the community to report security vulnerabilities to our Security Response Team before disclosing them in a public forum. Please email security@cloudera.com to report a vulnerability. Be sure to include details on the version of software you are using and the hardware that it's running on.
For any vulnerabilities found on www.cloudera.com or affiliated websites please include the full URL of the site/page where the vulnerability can be reproduced. To submit your report securely to Cloudera, please use the the PGP key below.
| Key Fingerprint |
| 8580 CC90 E2A2 985B D68B 73C7 1B29 3F14 F19F 2913 |
pub 1024D/F19F2913
PGP Public Key Block
Version: GnuPG v1.4.5 (GNU/Linux)
Copy and paste the key below:
| PGP Public Key Block |
| -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux) mQGiBFHEvxARBADQo6j8tG18XUuy0rdeNLFK9I2kR0U4MfJhc6GAjSWYGnJKDcfA gjsChVr03VbN74cAm5OxVDR60fU3aTWSJ8BIKQ3wpkve6nx+McN4rjScBvnUBB1z lFZ3x0f/2M2wIANnQ/C3Np1XH+NvoAlS5+T/5SDDYHr4D0lNw+irzfI6UwCg9C3/ dXT3IhS0QpXJEV2imfNWuCcD/1WtlSDYXAIAink3kgCIhybrSNVWuejky+UQPGtD 9qmu+M66fX/M/qJ7isUN3Ns8l/0Uy+LQg4aVds2IYyqUPvWyEqzhK4SaRjiI/gK0 DrA0IXW0tTwKx6J6AETFCVpztfJ2KK4SOfhbpffrzikep6H7jTcNBtEEMmuHF4d3 z34BA/90B5DxtWN19UA3o1FRDYmsyhdrohYwtqRubvDXQewDV6wGwOMtzs5glOuZ +yvuzwiSkhDpqvLhG5G+vMy5ofdbpo/eSWv/89j09z5rHCwg0PVutFL+LSiRu0S4 9VMGszpB6Cy1fEhlYIXOlFloFtfGvMjZNklvkZlXJwWj1zeh3bQnQ2xvdWRlcmEs IEluYy4gPHByb2FjdGl2ZUBjbG91ZGVyYS5jb20+iGAEExECACAFAlHEvxACGwMG CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAbKT8U8Z8pE5OjAKDoRUIAvQLkNXyl GqANWLbqU0mEaQCg7ZwRbP/wII2gkuWnB9htdCaWm9q5Ag0EUcS/ERAIAJiMxBy+ qxWs6t6px/jTqcZWx0iZEZ+1InJ7HK2XjMAdrFbt1eVKVfFXZUXAXDfGzzmy8oFn cbl8uHLPRHjTwBdEKP7pHWSoEpSqrbTkU/SWhvkMlaJs0me+94AHxO7FXY9lcwO7 F0A1VAk74y5GgstxDbca611cK8lX+vRiK5sj7NobfHC5PrkUQpA94SbrXOq6ak8M BJ1VM13hWDN5D2tpePZwb1I5XNiqrzaz9VjVdMgJWcrmCsaSVgpXOt/qYdpyCwgC LTKz9uhWTcOOf9nxsZpGABryG5/AcCuwZpFZ4MU1xoE4m3AhhcagKtlhE5g8Vqdr hI19EbV26QtbYQcAAwUH/RCj37fSirRcTF+vynoRc7z4x9vSPIdFAUmOMU5RWIWh 0pV4G61BJVi+tSnfFsUKzpvTAmd0mUPyoyltcfAaCeTvR7CLOejl7IHhLvMKTVs2 oDqnbLBrATXbILhjwxpMQ9ZlZseDySDmhPjO9KiQq82UMYulg/wnvnBgUFBAc4cH gjnQiui0SmWG4J5pxwOiwByWAJyrUj7xFCLODcH+kH9cGL3zNPBmnLjHRfi7HCq1 D0rt9OrsAdNzuKkncUY6VtFLkH4gfSAQ2lqMbt/Ve9tkockwlgB630COIlk1ieTH 560ny8UtWUhYAxYJWE8WQaniam88QbOB8LX/w3J5CQWISQQYEQIACQUCUcS/EQIb DAAKCRAbKT8U8Z8pE3bBAKDHTDmUbi3nEtuSCOqGDJE3jSiq9wCcDAtAqBjVfiJ4 KjsFTOdZK71ihnw= =r4Om -----END PGP PUBLIC KEY BLOCK----- |
All known vulnerabilities are listed in the Cloudera Security Bulletin and in the release notes for the product and version where they are fixed. In addition, all Cloudera vulnerabilities are reported to the National Vulnerability Database and have an assigned CVE number.
Cloudera Security Bulletins
Current known security issues for CM and CDH can be found in the Cloudera Security Bulletin.
Bug Bounty Policy
Cloudera does not currently offer a Bug Bounty for any product or website vulnerabilities.
Handling security vulnerabilities
Click here to learn more about how Cloudera handles security vulnerabilities.