Information disclosure in Ambari - CVE-2016-4976

 


Published: March 29, 2017 / Updated: February 8, 2021


Vulnerability identifier: #VU39338
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4976
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apache Foundation
Affected software: Ambari

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.
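The following audit check is an added example, not code from Apache Ambari or from this advisory. It looks for the exposure described above on a Linux host by reading `/proc/<pid>/cmdline` and reporting kadmin processes whose arguments carry a password, with the value redacted. It assumes the password is passed through MIT kadmin's `-w` option, which the advisory does not state; the function names and the sample command line are constructed for illustration.

```python
import os

KADMIN_NAMES = {"kadmin", "kadmin.local"}  # MIT Kerberos admin clients
# Constructed sample: the NUL-separated layout of /proc/<pid>/cmdline.
SAMPLE = b"/usr/bin/kadmin\0-p\0admin/admin@EXAMPLE.COM\0-w\0constructed-pw\0-q\0listprincs\0"


def parse_cmdline(raw):
    """Split a /proc/<pid>/cmdline blob into its argv strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def find_exposed_password(argv):
    """Return argv with the password redacted if kadmin got -w (assumed option), else None."""
    if not argv or os.path.basename(argv[0]) not in KADMIN_NAMES:
        return None
    out, exposed, i = [], False, 0
    while i < len(argv):
        if argv[i] == "-w" and i + 1 < len(argv):            # "-w secret"
            out += ["-w", "<redacted>"]
            exposed, i = True, i + 2
        elif argv[i].startswith("-w") and len(argv[i]) > 2:  # "-wsecret"
            out.append("-w<redacted>")
            exposed, i = True, i + 1
        else:
            out.append(argv[i])
            i += 1
    return out if exposed else None


def scan_proc(proc_root="/proc"):
    """Return (pid, redacted argv) for every readable process that matches."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                hit = find_exposed_password(parse_cmdline(fh.read()))
        except OSError:  # process exited, or cmdline is not readable
            continue
        if hit:
            findings.append((int(entry), hit))
    return findings


if __name__ == "__main__":
    print("sample:", find_exposed_password(parse_cmdline(SAMPLE)))
    for pid, argv in scan_proc():
        print(pid, " ".join(argv))
```

kadmin runs only briefly, so a single pass can miss it; the check is meant to be run repeatedly while a Kerberos operation is in progress.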


How to mitigate CVE-2016-4976

Install the update from the vendor's website. The issue affects Ambari 2.x before 2.4.0, so upgrade to 2.4.0 or later.
