Cloudera Data Engineering (CDE) prior to 1.1 was vulnerable to a CSRF attack.
cloudera data engineering