CVE-2017-5654

Summary

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Ambari2.4.0 through 2.4.2affected
Apache Software FoundationApache Ambari2.5.0affected

Weaknesses

  • XML injection

ADP Enrichment

CVE Program Container

Additional References

References