PT-2017-16648 · Apache · Ambari

Published

2017-05-12

Updated

2017-05-23

CVE-2017-5654

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ambari versions 2.4.0 through 2.4.2 Ambari version 2.5.0

Description An issue exists where an authorized user of the Ambari Hive View may gain unauthorized read access to files on the host where the Ambari server executes.

Recommendations For Ambari versions 2.4.0 through 2.4.2, update to version 2.4.3 or later. For Ambari version 2.5.0, update to a version that includes the fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-91

Related Identifiers

CVE-2017-5654

Affected Products

Ambari

PT-2017-16648 · Apache · Ambari

CVE-2017-5654

Weakness Enumeration

Related Identifiers

Affected Products

References · 4