Page History

...

Versions Fixed: 2.4.3, 2.5.1

Description: During installation, Ambari Server artifacts are not created with proper ACLsSensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

Mitigation: Ambari 2.4.x (before 2.4.3) users should upgrade to version 2.4.3; Ambari 2.5.0 users should upgrade to Ambari 2.5.1 or above. 

Ambari 2.4.3 and Ambari 2.5.1 correct this issue by forcing the related temporary files to be accessible only to the user executing the Ambari server process. The related temporary files should be removed when no longer needed, as well.

...

Versions Fixed: 2.4.3, 2.5.1

Description: During installation, Ambari Server artifacts are not created with proper ACLsSensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

Mitigation: Ambari 2.4.x (before 2.4.3) users should upgrade to version 2.4.3; Ambari 2.5.0 users should upgrade to Ambari 2.5.1 or above. 

Ambari 2.4.3 and Ambari 2.5.1 correct this issue by forcing the related temporary files to be accessible only to the user executing the Ambari server process. The related temporary files should be removed when no longer needed, as well.

...