Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.Referenceshttps://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120
