Cloudera Security Response Team

The Cloudera Security Response Team provides a single point of contact for customers and the community to report and provide information on security vulnerabilities in Cloudera products. The team works internally with Cloudera's Engineering and Support organizations as well as the external Apache community to identify, fix, and communicate security vulnerabilities in all Cloudera products.


Cloudera Security Bulletins

Current known security issues for CM and CDH can be found in the Cloudera Security Bulletin.


How to report a vulnerability

Cloudera strongly encourages customers and the community to report security vulnerabilities to our Security Response Team before disclosing them in a public forum. Please email security@cloudera.com to report a vulnerability. Be sure to include details on the version of software you are using and the hardware that it's running on.

To submit your report securely, please use the the PGP key below.


Information on known vulnerabilities and issues

All known vulnerabilities are listed in the Cloudera Security Bulletin and in the release notes for the product and version where they are fixed. In addition, all Cloudera vulnerabilities are reported to the National Vulnerability database and have an assigned CVE number and will be reported to Bugtraq


----- BEGIN PGP PUBLIC KEY BLOCK -----

Version: GnuPG v1.4.5 (GNU/Linux)

mQGiBFHEvxARBADQo6j8tG18XUuy0rdeNLFK9I2kR0U4MfJhc6GAjSWYGnJKDcfA
gjsChVr03VbN74cAm5OxVDR60fU3aTWSJ8BIKQ3wpkve6nx+McN4rjScBvnUBB1z
lFZ3x0f/2M2wIANnQ/C3Np1XH+NvoAlS5+T/5SDDYHr4D0lNw+irzfI6UwCg9C3/
dXT3IhS0QpXJEV2imfNWuCcD/1WtlSDYXAIAink3kgCIhybrSNVWuejky+UQPGtD
9qmu+M66fX/M/qJ7isUN3Ns8l/0Uy+LQg4aVds2IYyqUPvWyEqzhK4SaRjiI/gK0
DrA0IXW0tTwKx6J6AETFCVpztfJ2KK4SOfhbpffrzikep6H7jTcNBtEEMmuHF4d3
z34BA/90B5DxtWN19UA3o1FRDYmsyhdrohYwtqRubvDXQewDV6wGwOMtzs5glOuZ
+yvuzwiSkhDpqvLhG5G+vMy5ofdbpo/eSWv/89j09z5rHCwg0PVutFL+LSiRu0S4
9VMGszpB6Cy1fEhlYIXOlFloFtfGvMjZNklvkZlXJwWj1zeh3bQnQ2xvdWRlcmEs
IEluYy4gPHByb2FjdGl2ZUBjbG91ZGVyYS5jb20+iGAEExECACAFAlHEvxACGwMG
CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAbKT8U8Z8pE5OjAKDoRUIAvQLkNXyl
GqANWLbqU0mEaQCg7ZwRbP/wII2gkuWnB9htdCaWm9q5Ag0EUcS/ERAIAJiMxBy+
qxWs6t6px/jTqcZWx0iZEZ+1InJ7HK2XjMAdrFbt1eVKVfFXZUXAXDfGzzmy8oFn
cbl8uHLPRHjTwBdEKP7pHWSoEpSqrbTkU/SWhvkMlaJs0me+94AHxO7FXY9lcwO7
F0A1VAk74y5GgstxDbca611cK8lX+vRiK5sj7NobfHC5PrkUQpA94SbrXOq6ak8M
BJ1VM13hWDN5D2tpePZwb1I5XNiqrzaz9VjVdMgJWcrmCsaSVgpXOt/qYdpyCwgC
LTKz9uhWTcOOf9nxsZpGABryG5/AcCuwZpFZ4MU1xoE4m3AhhcagKtlhE5g8Vqdr
hI19EbV26QtbYQcAAwUH/RCj37fSirRcTF+vynoRc7z4x9vSPIdFAUmOMU5RWIWh
0pV4G61BJVi+tSnfFsUKzpvTAmd0mUPyoyltcfAaCeTvR7CLOejl7IHhLvMKTVs2
oDqnbLBrATXbILhjwxpMQ9ZlZseDySDmhPjO9KiQq82UMYulg/wnvnBgUFBAc4cH
gjnQiui0SmWG4J5pxwOiwByWAJyrUj7xFCLODcH+kH9cGL3zNPBmnLjHRfi7HCq1
D0rt9OrsAdNzuKkncUY6VtFLkH4gfSAQ2lqMbt/Ve9tkockwlgB630COIlk1ieTH
560ny8UtWUhYAxYJWE8WQaniam88QbOB8LX/w3J5CQWISQQYEQIACQUCUcS/EQIb
DAAKCRAbKT8U8Z8pE3bBAKDHTDmUbi3nEtuSCOqGDJE3jSiq9wCcDAtAqBjVfiJ4
KjsFTOdZK71ihnw=
=r4Om
----- END PGP PUBLIC KEY BLOCK -----