In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
References
Link | Resource |
---|---|
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1 | Release Notes Vendor Advisory |
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-05-15 07:29
Updated : 2017-05-22 20:00
NVD link : CVE-2017-5655
Mitre link : CVE-2017-5655
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apache
- ambari