CVE-2017-5654
Summary
| CVE | CVE-2017-5654 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-12 21:29:00 UTC |
| Updated | 2017-05-23 18:44:00 UTC |
| Description | In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. |
Risk And Classification
Problem Types: CWE-91
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Ambari | 2.4.0 | All | All | All |
| Application | Apache | Ambari | 2.4.1 | All | All | All |
| Application | Apache | Ambari | 2.5.0 | All | All | All |
| Application | Apache | Ambari | 2.4.0 | All | All | All |
| Application | Apache | Ambari | 2.4.1 | All | All | All |
| Application | Apache | Ambari | 2.5.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ambari Vulnerabilities - Apache Ambari - Apache Software Foundation | CONFIRM | cwiki.apache.org | Vendor Advisory |
| Ambari Vulnerabilities - Apache Ambari - Apache Software Foundation | CONFIRM | cwiki.apache.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.