Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability

A directory traversal vulnerability allowing information disclosure has been identified in the Ace Editor component of Cloudera Hue. This issue arises from inadequate validation of user-supplied paths before they are used in file operations, enabling remote attackers to access sensitive information within the context of the service account. Notably, authentication is not required to exploit this vulnerability.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information from the affected Cloudera Hue installation.