CVE-2017-5654

HIGH

Ambari <2.4.3-2.5.0 - Info Disclosure

Title source: llm

Description

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

References (2)

[Vendor Advisory] https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3

[Vendor Advisory] https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1

Scores

CVSS v3 7.5

EPSS 0.0091

EPSS Percentile 75.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-91

Status published

Products (5)

apache/ambari 2.4.0

apache/ambari 2.4.1

apache/ambari 2.5.0

Apache Software Foundation/Apache Ambari 2.4.0 through 2.4.2

Apache Software Foundation/Apache Ambari 2.5.0

Published May 12, 2017

Tracked Since Feb 18, 2026