CVE-2016-0731

CWE-284 — Improper Access Control3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 57.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ambari

Timeline

PublishedMay 18

Latest updateMay 17

Description

The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

▶NVDapache/ambari2.2.0

🔴Vulnerability Details

GHSA

GHSA-7j37-8mvp-9f22: The File Browser View in Apache Ambari before 2↗2022-05-17

▶

CVEList

CVE-2016-0731: The File Browser View in Apache Ambari before 2↗2016-05-18

▶