CVE-2016-6807

Name of the Vulnerable Software and Affected Versions Ambari Agent versions 2.4.x through 2.4.1 Ambari Agent versions prior to 2.4.2

Description The issue allows custom commands to be executed on Ambari Agent hosts without proper authorization. This can lead to unauthorized access to certain operations that may impact the underlying system. These operations are invoked by the Ambari Agent process, running as the user who executes the Ambari Agent process.

Recommendations For Ambari Agent versions 2.4.x through 2.4.1, update to version 2.4.2 or later to resolve the issue. For Ambari Agent versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue.