CVE-2018-8042

CWE-2093 documents3 sources

Severity

8.1HIGH

EPSS

0.7%

top 29.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ambari Apache Software Foundation Apache Ambari

Timeline

PublishedJul 18

Latest updateMay 13

Description

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDapache/ambari2.5.0 — 2.6.2

▶CVEListV5apache_software_foundation/apache_ambari2.5.0 to 2.6.2

🔴Vulnerability Details

GHSA

GHSA-w7hj-3rjm-8vj7: Apache Ambari, version 2↗2022-05-13

▶

CVEList

CVE-2018-8042: Apache Ambari, version 2↗2018-07-18

▶