CVE-2017-5654

CWE-915 documents4 sources

Severity

7.5HIGH

EPSS

0.9%

top 24.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Ambari Apache Ambari

Timeline

PublishedMay 12

Latest updateMay 17

Description

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/ambari2.4.0, 2.4.1, 2.5.0+2

▶CVEListV5apache_software_foundation/apache_ambari2.4.0 through 2.4.2, 2.5.0+1

🔴Vulnerability Details

GHSA

GHSA-r6hc-8gvg-gr72: In Ambari 2↗2022-05-17

▶

CVEList

CVE-2017-5654: In Ambari 2↗2017-05-12

▶

💬Community

Bugzilla

CVE-2017-5654 CVE-2017-5655 ambari: Multiple security vulnerabilities fixed in ambari 2.5.1 [fedora-all]↗2017-05-16

▶

Bugzilla

CVE-2017-5655 CVE-2017-5654 ambari: Multiple security vulnerabilities fixed in ambari 2.5.1↗2017-05-16

▶