exploitDog

CVE-2018-8042

Опубликовано: 18 июл. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 4.3

EPSS Низкий

Описание

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

Ссылки

http://www.securityfocus.com/bid/104869
Broken Link
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042
Vendor Advisory
http://www.securityfocus.com/bid/104869
Broken Link
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.6.2 (включая)

EPSS

Процентиль: 70%

0.00651

Низкий

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-209

Связанные уязвимости

GHSA-w7hj-3rjm-8vj7

CVSS3: 8.1

github

больше 3 лет назад

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

EPSS

Процентиль: 70%

0.00651

Низкий

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-209