Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qNzZxLTk5eDItdjd2cc4AAbxy
Apache Ambari Improper Access Control
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.
Permalink: https://github.com/advisories/GHSA-j76q-99x2-v7vqJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNzZxLTk5eDItdjd2cc4AAbxy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 6 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-j76q-99x2-v7vq, CVE-2016-6807
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-6807
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.2
- https://web.archive.org/web/20200227181557/http://www.securityfocus.com/bid/97184
- https://github.com/advisories/GHSA-j76q-99x2-v7vq
Affected Packages
maven:org.apache.ambari:ambari
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 2.4.0, < 2.4.2
Fixed in: 2.4.2
All affected versions:
All unaffected versions: