6.5

CVE-2017-5655

In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheAmbari Version2.2.2
ApacheAmbari Version2.2.2 Updaterc0
ApacheAmbari Version2.2.2 Updaterc1
ApacheAmbari Version2.4.0
ApacheAmbari Version2.4.0 Updaterc0
ApacheAmbari Version2.4.1
ApacheAmbari Version2.4.1 Updaterc0
ApacheAmbari Version2.4.1 Updaterc1
ApacheAmbari Version2.4.2
ApacheAmbari Version2.4.2 Updaterc0
ApacheAmbari Version2.4.2 Updaterc1
ApacheAmbari Version2.5.0
ApacheAmbari Version2.5.0 Updaterc0
ApacheAmbari Version2.5.0 Updaterc1
ApacheAmbari Version2.5.0 Updaterc2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.32
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.