CVE-2017-5654
First published: Fri May 12 2017(Updated: )
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Ambari | =2.4.0 | |
| Apache Ambari | =2.4.1 | |
| Apache Ambari | =2.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-5654?
CVE-2017-5654 has a medium severity rating, indicating a moderate impact on system security.
How do I fix CVE-2017-5654?
To mitigate CVE-2017-5654, upgrade your Ambari installation to version 2.4.3 or 2.5.1 or later.
What software versions are affected by CVE-2017-5654?
CVE-2017-5654 affects Apache Ambari versions 2.4.0, 2.4.1, and 2.5.0.
What type of attack is possible due to CVE-2017-5654?
Due to CVE-2017-5654, an authorized user of Ambari Hive View may exploit the vulnerability to gain unauthorized read access to host files.
Who is vulnerable to CVE-2017-5654?
Any organization using Apache Ambari versions 2.4.0, 2.4.1, or 2.5.0 is vulnerable to CVE-2017-5654 if not updated.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/apache
- canonical/apache ambari
- version/apache ambari/2.4.0
- version/apache ambari/2.4.1
- version/apache ambari/2.5.0