...

Mitigation: Ambari users should upgrade to version 2.4.0 or above.
Version 2.4.0 onwards properly enforces that agent-supplied host names are valid hostnames before attempting to execute OpenSSL commands to create SSL certificates. However, this check may be disabled by setting security.agent.hostname.validate to "false" in the ambari.properties file. It is strongly recommended that the default value of security.agent.hostname.validate is not changed, since doing so may re-enable this vulnerability.

Credit: David Jorm


...

CVE-2016-4976: Apache Ambari kadmin password visibility vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 2.0.0 to 2.2.2

Versions Fixed: 2.4.0

Description: Due to the way Ambari executes the kadmin command to manage principals in an MIT KDC, a user with access to the Ambari server host may be able to capture the KDC administrator credentials.

Mitigation: Ambari users should upgrade to version 2.4.0 or above.
Version 2.4.0 onwards sends passwords to the kadmin command via the command's STDIN channel rather than embedding them as arguments in the executed command line.
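The difference between the two invocation styles, as an added example that is not Ambari's own code: a constructed stand-in for kadmin reports its own command line exactly as `ps` or Linux `/proc` would show it to any other local user, first with the password in argv (the pre-2.4.0 pattern) and then with the password delivered over STDIN (the 2.4.0 pattern). The command names, the `-w`/`--read-stdin` flags and the password value are assumptions chosen for the demonstration.

```python
"""Why a secret on the command line leaks to every local user, while one
written to stdin does not (added example; kadmin is replaced by a stand-in)."""
import subprocess

# Constructed stand-in for `kadmin`: it prints its own argv the way another
# user on the host would see it (Linux /proc, `ps` as a fallback) and, when
# asked to, consumes one line from stdin like a tool prompting for a password.
SHOW_OWN_CMDLINE = (
    'if [ -r /proc/$$/cmdline ]; then tr "\\0" " " < /proc/$$/cmdline; '
    'else ps -o args= -p $$; fi; '
    'if [ "$1" = "--read-stdin" ]; then read -r _pw; fi'
)


def invoke_with_password_in_argv(password: str) -> str:
    """Pre-2.4.0 pattern: the secret rides in argv (assumed `-w <password>` flag)."""
    proc = subprocess.run(
        ["sh", "-c", SHOW_OWN_CMDLINE, "kadmin-stub", "-w", password],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout  # what the process list shows while the command runs


def invoke_with_password_on_stdin(password: str) -> str:
    """2.4.0+ pattern: argv carries no secret; the password goes over STDIN."""
    proc = subprocess.run(
        ["sh", "-c", SHOW_OWN_CMDLINE, "kadmin-stub", "--read-stdin"],
        input=password + "\n", capture_output=True, text=True, check=True,
    )
    return proc.stdout


def password_visible_in_process_list(password: str, use_stdin: bool) -> bool:
    """True if the secret appears in the child's externally visible command line."""
    if use_stdin:
        observed = invoke_with_password_on_stdin(password)
    else:
        observed = invoke_with_password_in_argv(password)
    return password in observed


if __name__ == "__main__":
    pw = "constructed-example-password"  # constructed value, not a real credential
    print("argv :", password_visible_in_process_list(pw, use_stdin=False))  # True
    print("stdin:", password_visible_in_process_list(pw, use_stdin=True))   # False
```

The same check applies to any administrative tool: if a credential must reach a child process, prefer stdin, an environment-free file descriptor, or a credentials file over an argument.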

Credit: Greg S. Senia from New York Life Insurance Company.

Fixed in Ambari 2.2.1

...

CVE-2016-0731: Ambari File Browser View security vulnerability

...