CVE-2017-5655: Infoleak
First published: Mon May 15 2017(Updated: )
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Ambari | =2.2.2 | |
| Apache Ambari | =2.2.2-rc0 | |
| Apache Ambari | =2.2.2-rc1 | |
| Apache Ambari | =2.4.0 | |
| Apache Ambari | =2.4.0-rc0 | |
| Apache Ambari | =2.4.1 | |
| Apache Ambari | =2.4.1-rc0 | |
| Apache Ambari | =2.4.1-rc1 | |
| Apache Ambari | =2.4.2 | |
| Apache Ambari | =2.4.2-rc0 | |
| Apache Ambari | =2.4.2-rc1 | |
| Apache Ambari | =2.5.0 | |
| Apache Ambari | =2.5.0-rc0 | |
| Apache Ambari | =2.5.0-rc1 | |
| Apache Ambari | =2.5.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- vendor/apache
- canonical/apache ambari
- version/apache ambari/2.2.2
- version/apache ambari/2.2.2-rc0
- version/apache ambari/2.2.2-rc1
- version/apache ambari/2.4.0
- version/apache ambari/2.4.0-rc0
- version/apache ambari/2.4.1
- version/apache ambari/2.4.1-rc0
- version/apache ambari/2.4.1-rc1
- version/apache ambari/2.4.2
- version/apache ambari/2.4.2-rc0
- version/apache ambari/2.4.2-rc1
- version/apache ambari/2.5.0
- version/apache ambari/2.5.0-rc0
- version/apache ambari/2.5.0-rc1
- version/apache ambari/2.5.0-rc2