Description
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3
Vendor Advisory x_refsource_confirm
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1
Scores
CVSS v3: 7.5
EPSS: 0.0219
EPSS Percentile: 80.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-91
Status: published
Products (5)
apache/ambari: 2.4.0
apache/ambari: 2.4.1
apache/ambari: 2.5.0
Apache Software Foundation/Apache Ambari: 2.4.0 through 2.4.2
Apache Software Foundation/Apache Ambari: 2.5.0
Published: May 12, 2017
Tracked Since: Feb 18, 2026