CVE-2017-5655

CWE-200Information Exposure5 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 64.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache AmbariApache Ambari
Timeline
PublishedMay 15
Latest updateMay 17

Description

In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDapache/ambari5 versions+4
CVEListV5apache_software_foundation/apache_ambari2.2.2 through 2.4.2, 2.5.0+1

🔴Vulnerability Details

2
GHSA
GHSA-h76x-47cj-xc48: In Ambari 22022-05-17
CVEList
CVE-2017-5655: In Ambari 22017-05-15

💬Community

2
Bugzilla
CVE-2017-5654 CVE-2017-5655 ambari: Multiple security vulnerabilities fixed in ambari 2.5.1 [fedora-all]2017-05-16
Bugzilla
CVE-2017-5655 CVE-2017-5654 ambari: Multiple security vulnerabilities fixed in ambari 2.5.12017-05-16