PT-2018-18401 · Apache · Oozie+2

Published: 2018-07-18 · Updated: 2019-10-03 · CVE-2018-8042

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Ambari versions 2.5.0 through 2.6.2
Description: The issue exposes passwords for Hadoop credential stores in Ambari Agent informational log messages when the credential store feature is enabled for eligible services, such as Hive and Oozie.
Recommendations: For Apache Ambari versions 2.5.0 through 2.6.2, consider disabling the credential store feature for eligible services until a fix is available, or restrict access to Ambari Agent log messages to minimize the risk of password exposure.

Fix

Generation of Error Message Containing Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2018-8042

Affected Products

Apache Ambari
Hive
Oozie