CVE-2016-0731

Опубликовано: 18 мая 2016

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.

Ссылки

https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.2.1
Vendor Advisory
https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.0/bk_releasenotes_ambari_2.2.1.0/content/ambari_relnotes-2.2.1.0-cves.html
https://issues.apache.org/jira/browse/AMBARI-14780
Vendor Advisory
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.2.1
Vendor Advisory
https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.0/bk_releasenotes_ambari_2.2.1.0/content/ambari_relnotes-2.2.1.0-cves.html
https://issues.apache.org/jira/browse/AMBARI-14780
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*

Версия до 2.2.0 (включая)

EPSS

Процентиль: 42%

0.00201

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-7j37-8mvp-9f22