THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Table of Contents |
|---|
Fixed in Ambari 2.6.2
...
CVE-2018-8003: Path traversal in Ambari allows remote and unauthenticated access to files in the filesystem
Severity: Important
Vendor: Hortonworks
Versions Affected: Ambari 1.4.0 through Ambari 2.6.1
Description: Ambari is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. Direct network access to the Ambari Server is required to issue this request, and those Ambari Servers that are protected behind a firewall, or in a restricted network zone are at less risk of being affected by this issue.
Mitigation:
Ambari 2.5.x and earlier installations should be upgraded to Ambari 2.6.2
Ambari 2.6.0 installations should be upgraded to Ambari 2.6.2
Ambari 2.6.1 installations should be upgraded to Ambari 2.6.2
Credit: Krzysztof Przybylski from STM Solutions
Fixed in Ambari 2.5.1
...
CVE-2017-5654: XML injection vulnerability in Hive View
...