CVE-2017-5655

MEDIUM

Apache Ambari - Information Disclosure

Title source: rule

Description

In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0015
EPSS Percentile 35.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (17)
apache/ambari
apache/ambari
apache/ambari
apache/ambari
apache/ambari
apache/ambari
apache/ambari
apache/ambari
apache/ambari
apache/ambari
... and 7 more
Published May 15, 2017
Tracked Since Feb 18, 2026