CVE-2018-8042
First published: Wed Jul 18 2018(Updated: )
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Ambari | >=2.5.0<=2.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8042?
CVE-2018-8042 is a vulnerability in Apache Ambari version 2.5.0 to 2.6.2 where passwords for Hadoop credential stores are exposed in Ambari Agent logs.
How severe is CVE-2018-8042?
CVE-2018-8042 has a severity rating of 8.1 (high).
Which versions of Apache Ambari are affected by CVE-2018-8042?
CVE-2018-8042 affects Apache Ambari version 2.5.0 to 2.6.2.
How can I fix CVE-2018-8042?
To fix CVE-2018-8042, upgrade to a version of Apache Ambari that is not affected by this vulnerability.
Where can I find more information about CVE-2018-8042?
You can find more information about CVE-2018-8042 at the following links: [Security Focus](http://www.securityfocus.com/bid/104869), [Apache Ambari Confluence](https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042).
- collector/nvd-index
- agent/author
- agent/event
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache ambari
- version/apache ambari/2.5.0
- version/apache ambari/2.6.2