CVE-2017-5655
Severity: MEDIUM
Apache Ambari 2.2.2-2.4.2 and 2.5.0 - Unauthorized Sensitive Data Exposure via Temporary Files
Title source: llm
Description
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3
Release Notes, Vendor Advisory x_refsource_confirm
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1
Scores
CVSS v3: 6.5
EPSS: 0.0015
EPSS Percentile: 34.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (7)
apache/ambari: 2.2.2 (3 CPE variants)
apache/ambari: 2.4.0 (2 CPE variants)
apache/ambari: 2.4.1 (3 CPE variants)
apache/ambari: 2.4.2 (3 CPE variants)
apache/ambari: 2.5.0 (4 CPE variants)
Apache Software Foundation/Apache Ambari: 2.2.2 through 2.4.2
Apache Software Foundation/Apache Ambari: 2.5.0
Published: May 15, 2017
Tracked Since: Feb 18, 2026