Vulnerability Details CVE-2017-5655
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1
Products affected by CVE-2017-5655
-
cpe:2.3:a:apache:ambari:2.2.2
-
cpe:2.3:a:apache:ambari:2.4.0
-
cpe:2.3:a:apache:ambari:2.4.1
-
cpe:2.3:a:apache:ambari:2.4.2
-
cpe:2.3:a:apache:ambari:2.5.0