Fixed in Ambari 2.5.1
...
CVE-2017-5654: XML injection vulnerability in Hive View
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 2.4.0 to 2.5.0 (inclusive)
Versions Fixed: 2.4.3, 2.5.1
Description: An authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
Access is limited to the set of files for which the user that executes the Ambari server has read access.
Mitigation: Ambari users should upgrade to version 2.4.3, or to version 2.5.1 or above.
Credit: New York Life Insurance Company
Fixed in Ambari 2.5.0
...
CVE-2017-5642: Ambari Server artifacts do not have proper ACLs
...
Credit: Hortonworks
Fixed in Ambari 2.4.3
...
CVE-2017-5654: XML injection vulnerability in Hive View
...