Information disclosure in Ambari - CVE-2017-5655

 


Published: May 15, 2017 / Updated: February 8, 2021


Vulnerability identifier: #VU38991
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-5655
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apache Foundation
Affected software:
Ambari

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.


How to mitigate CVE-2017-5655

Install the update from the vendor's website.
