CVE-2016-6807

Summary

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Ambari2.4.x before 2.4.2affected

Weaknesses

  • missing authorization check

ADP Enrichment

CVE Program Container

Additional References

References