CVE-2016-0707

CWE-26410 documents4 sources

Severity

3.3LOW

EPSS

0.1%

top 82.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ambari

Timeline

PublishedMay 18

Latest updateMay 17

Description

The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages1 packages

▶NVDapache/ambari2.1.1

🔴Vulnerability Details

GHSA

GHSA-ghpj-x5wj-pm89: The agent in Apache Ambari before 2↗2022-05-17

▶

CVEList

CVE-2016-0707: The agent in Apache Ambari before 2↗2016-05-18

▶

💬Community

Bugzilla

CVE-2016-1665 chromium-browser: information leak in v8↗2016-04-29

▶

Bugzilla

CVE-2016-1664 chromium-browser: address bar spoofing↗2016-04-29

▶

Bugzilla

CVE-2016-1660 chromium-browser: out-of-bounds write in blink↗2016-04-29

▶

Bugzilla

CVE-2016-1663 chromium-browser: use-after-free in blink's v8 bindings↗2016-04-29

▶

Bugzilla

CVE-2016-1661 chromium-browser: memory corruption in cross-process frames↗2016-04-29

▶