PT-2018-18401 · Apache · Oozie+2

Published: 2018-07-18 · Updated: 2019-10-03 · CVE-2018-8042

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Ambari versions 2.5.0 through 2.6.2
Description: The issue exposes passwords for Hadoop credential stores in Ambari Agent informational log messages when the credential store feature is enabled for eligible services, such as Hive and Oozie.
Recommendations: For Apache Ambari versions 2.5.0 through 2.6.2, consider disabling the credential store feature for eligible services until a fix is available, or restrict access to Ambari Agent log messages to minimize the risk of password exposure.

Fix

Generation of Error Message Containing Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2018-8042

Affected Products

Apache Ambari
Hive
Oozie