CVE-2018-8042

Summary

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Ambari2.5.0 to 2.6.2affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References