Vulnerability Disclosure Trust Center | Cloudera

Hear three industry experts as they reveal 2025 data and AI trends

Watch now

The Cloudera security response team provides a single point of contact for customers and the community to report and provide information on security vulnerabilities in Cloudera products. The team works internally with Cloudera's engineering and support organizations as well as the external Apache community to identify, fix, and communicate security vulnerabilities in all Cloudera products.

How to report a vulnerability

Cloudera strongly encourages customers and the community to report security vulnerabilities to our Security Response Team before disclosing them in a public forum.

If you are not a current Cloudera customer, please email security@cloudera.com to report a vulnerability.
If you are a Cloudera customer, please create a support case through MyCloudera. Be sure to include details on the version of software you are using and the hardware that it's running on. For any vulnerabilities found on www.cloudera.com or affiliated websites please include the full URL of the site/page where the vulnerability can be reproduced.

Please refrain from sending us reports about the following vulnerabilities:

General low-severity issues reported by automated scanners
- Missing Security Headers (eg. HSTS, CSP, SPF, DMARC)
- Missing Flags on Cookies
- SSL issues (weak ciphers/key size)
- Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no security impact
- Clickjacking
- Other general low-severity issues reported by automated scanners

Rate Limiting (unless it constitutes a significant risk)
Attacks requiring MITM or physical access to a user's device
Previously known vulnerable libraries without a working Proof of Concept
Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version]
Software version disclosure / Banner identification issues

To submit your report securely to Cloudera, please use the GPG key below.

KEY FINGERPRINT

2DD87C2D7CC0DB6A29F285A7E007C0E1307003AC

GPG PUBLIC KEY BLOCK

Copy and paste the key below:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGbgVv8BEACaHmRog7T6qv0jhcuJgH9muBmlRe7KUnrIaQOru2J40r5asvOg
rv25cHJ0KA+Bwe4PNHiB1bGqlBAjsQkBxS3IYv0SNhZvMvkgdq5BWRVYXhEiwoVe
EnPR087k/GWf3NVzVIeQHY50ZQM4gMecVsGlZc4+lIqgaTYfRZopqZBaGkuApktY
zqOYPSa7TughnzW+twjUKCYvY7ComaZAzBMniGaIca1RfW+xOJN3EKcYWOWanY8z
CBtq516xRoh9Z0Z43P16uwU916pAa+5ktd2l3SjRa/p+HL7Dqek9Gf1ut/7215hA
8x2B5F2Lx2MohbOvZcGVsnPTskxx8aXmOHDJHdn0cPkuNw1qTkj5LSrr5odRvejn
NpL3hVRNW8eEeUoWuWfLgKm441v0yRHbZofvd9scwvlHdPiFPr6XCzn5U7vwATNd
NiroIPkXadasQI2mg2L86Ry+hv6Wv/Q4AM7zxLLsURpzWTaDBG/mJROPwtzDo0Ga
dia1C13et8DiG7ZhhFjgGhJZKqpVDEFRfEx9pHsV2UkVr6Y8/DW7BK/mdZ41wFPZ
WcJ+Rk76v3CEgYwM4hNlF6M+zjjl3z6iKUVr5MSrPbZrxcdGoAK0fECi1wsLx5Ok
LzcymrDrEayCg2alo6uGoEODrnh82sNP3rqE/u3AV857t89CeZ8/ttm9DQARAQAB
tFxzZWN1cml0eSBjbG91ZGVyYSAoR1BHIGtleSBmb3IgdGhpcmQgcGFydHkgdnVs
bmVyYWJpbGl0eSBkaXNjbG9zdXJlKSA8c2VjdXJpdHlAY2xvdWRlcmEuY29tPokC
VwQTAQgAQRYhBC3YfC18wNtqKfKFp+AHwOEwcAOsBQJm4Fb/AhsDBQkB4TOABQsJ
CAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEOAHwOEwcAOsuK0P/Am54OwblAyj
q1tVDE++UdLfCwRe2HB7jPhIVhXckjzbVSVTO1NmC15Ph/XgJCg4OLc0SLLMuzHP
dsQ1vVie2eiCD5ButdC+QBkjPFWW6CK+NebgGGTD72lv3yhpFcJXXNl/e6eE/qid
K+ODMhlswkI+TtFmUrVHRBcEiqRXeVYXbPQ+ocqfv8GUoIVI1vj2r0YUWxsP1ge5
ZS+g1f8PPYHWQDXuRWMJGPaTMdWcJdPXVUb6ckqEp1h6F+zCqYoGd0TnxusXcH6U
a4hGNSakHT3VkjNHyZkP3oGgqkC4SBepihWhaMIP83pH0v5OXnGtdCvtSjTb1Yy5
xswbkO5DTuicJF3vMFTSfAvrUjXo2inxqV493yXSAM55eWKMWWPF/W7Pu3NyxqVg
eoK3OBzsREOP3CYaUvTvTE9nJwrj+tLto61Crst3dvrBx4hbLglKiHJKx49roTRq
1zxOswudFKNNeHXAdxNd5b2v6wBj0FXiZwYdWI85uX/cmy0MWFuoY09/gqbPHfqe
GeCl5liPWHeS0DT0QFbyzcvXiE1IGKApzGgSChIKutvqEseCQHdryamV0j4DRO7D
KiD9SGP+1OewoL8ECz4HESC4pnmIq/t6lsMvm0MYPkslT2sYoeJv4VyjKFX1ERr+
ATtibgEra7ThECpQ6SznoTCi9yENj2VpuQINBGbgVv8BEACv/VW8kloHSWDDtkGF
rTwKysvvME3+yHSQ4XyuzImhH++L9kTEwNc1zYVcmPb6V9vzYMHtAuVAC4jT3A8y
NzwuTwiEIjsczN3g/dW3lDbyKGnLQmppLHKCknLzOciAR28OUA4/3M28ckyRolsq
VnbfPQu1zqoI/0sm1Ko4OkcA4e8UkiOp+ni/T8a9pSdot9BoFJBHr+452qt98NV+
GLGIr8aCTpHggA88t+QYxJi4zfNH23aVFGieFz1FJzaQhh+jTXkMKTFNOADTE+jJ
5BQQZFggs5QaWqg1juFOLh1UVbUuZhmQpHp0ZxHiIySV69THKlPd92GNiNY6SQ6L
Kmabpq4sf7eGEFn/IOjThxvZyEm7TB7fvbs0ZXtGAgvB3p+yIAoy/XX76zyAUJaq
IbvaMLPVMwT5F4xviY6nj1k/waSRYqd+GS3862zXvLAWdttlU3DThHdXlR+EmZQQ
bg1kaM40aEylttIa8FnvmipSd5AqJQR9MNjrXnUBWSeqKPYnCNSsB/ksxK0rDQwr
aiq1FE8oK6Ae4cmrSal96MHp68SDaRs/J4KybW3+j6+SBCUi7NctUuKIoz3GGupj
SJQHrxgdcsh0QevHz6M8ZTu+hFgluuzU6s5rcHnxz1lgbEBYJ40xCQGFyjtrMLK7
55PcQN34u1WQVmpBa9lxo3GS+wARAQABiQI8BBgBCAAmFiEELdh8LXzA22op8oWn
4AfA4TBwA6wFAmbgVv8CGwwFCQHhM4AACgkQ4AfA4TBwA6yaOg//XL7+d9BZ7mwE
nDTYANf9X8M5TIaUh6b0yCkukPcuCUGw25wSorg5WjHLmaeXskMKT4yLZMBNAIdC
u51g5QntX+oBzvprf+aVPAng46LC0GdZRmLwOM68ZiaXecKPSxi3uyWBMaIuFfS9
wWStkPkCkeCKA31J8qKoQlo0ICETQ61fA/N4QJWw6ajhaqwJVCJdJQIlRq2iqeH/
dCnRPTNNmYDgFN+GQMQhzlcuejNzwBdAYnsJPXgEGVb6gOp94LpdgyZU+5sxyDK6
8uJTlIWC7pZ3wgbmiPQ9oou40JXXfT3EomeRux+U4W1wlXh7xQuOa8CckjvCpKHK
PETH8naNEnva0F+xldDCYXG3C1I5dIjORqEOMJpMNDeOFkfnG4siyDQQL4AFlDui
DUmKZYHuX8s7WNF6chadOZjRJTIQU/OyvJAmcMSjVkyzhUK2Ow91JDqG+mlG0Hvj
y01teTO+NMpRtLG0CkJaksxweMpQROp/SKpm70sLYhpf+zzcb64wKdaYcLInlN5+
2b5fSGks3e5fCdytbTRHFqGCGPGZUnoous8TR3Uye0Qxds33ZAHFSm3gS04FoP8E
SYQj4726viDkXCi7n785yJ9VhgF8pNwSaj6P2lHR807QgmuxVpuasFAyHAIuQkdZ
BNOEiI74s0bIL6uoURBfYbVgg506/DA=
=Peeo
-----END PGP PUBLIC KEY BLOCK-----

Bug Bounty Policy

Cloudera does not currently offer a Bug Bounty for any product or website vulnerabilities.

Explore Cloudera’s Trust Center

Security

Compliance

Availability

Privacy

Incident response

Advisories

World-class training, support, & services

Cloudera Support

Report an incident or vulnerability

Request privacy related information

Request security documentation or certifications

Ready to Get Started? Let’s Connect.

Your form submission has failed.

This may have been caused by one of the following:

Your request timed out
A plugin/browser extension blocked the submission. If you have an ad blocking plugin please disable it and close this message to reload the page.