CVE-2018-8042

EPSS 0.69%
Veröffentlicht 18.07.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 04:13:09
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Ambari Version >= 2.5.0 <= 2.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.693

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

http://www.securityfocus.com/bid/104869

Broken Link

https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-8042

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-8042

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-8042

EUVD