The Cloudera Security Response Team provides a single point of contact for customers and the community to report and provide information on security vulnerabilities in Cloudera products. The team works internally with Cloudera's Engineering and Support organizations as well as the external Apache community to identify, fix, and communicate security vulnerabilities in all Cloudera products.
How to report a vulnerability
Cloudera strongly encourages customers and the community to report security vulnerabilities to our Security Response Team before disclosing them in a public forum. If you are not a current Cloudera customer, please email firstname.lastname@example.org to report a vulnerability. If you are a Cloudera customer, please create a support case through MyCloudera. Be sure to include details on the version of software you are using and the hardware that it's running on. For any vulnerabilities found on www.cloudera.com or affiliated websites please include the full URL of the site/page where the vulnerability can be reproduced.
To submit your report securely to Cloudera, please use the GPG key below.
GPG PUBLIC KEY BLOCK
Copy and paste the key below:
Information on known vulnerabilities and issues
Cloudera Security Bulletins
Bug Bounty Policy
Cloudera does not currently offer a Bug Bounty for any product or website vulnerabilities.