PT-2018-18373 · Apache · Apache Ambari

Published

2018-05-03

Updated

2018-06-13

CVE-2018-8003

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache Ambari versions 1.4.0 to 2.6.1

Description: The issue allows an unauthenticated user to perform a directory traversal attack, granting read-only access to any file on the host's filesystem that is accessible by the user running the Ambari Server. This requires direct network access to the Ambari Server. Servers protected by a firewall or in a restricted network zone are at lower risk.

Recommendations: For Apache Ambari versions 1.4.0 to 2.6.1, restrict direct network access to the Ambari Server, and consider placing it behind a firewall or in a restricted network zone to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-8003

Affected Products

Apache Ambari

PT-2018-18373 · Apache · Apache Ambari

CVE-2018-8003

Weakness Enumeration

Related Identifiers

Affected Products

References · 4