CVE-2016-0731

Name of the Vulnerable Software and Affected Versions Apache Ambari versions prior to 2.2.1

Description The issue allows remote authenticated administrators to read arbitrary files. This is achieved by using a file: URL in the WebHDFS URL configuration within the File Browser View.

Recommendations For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the File Browser View to minimize the risk of exploitation.