CVE-2020-13924

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

0.8%

top 25.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Ambari Apache Ambari

Timeline

PublishedMar 17

Latest updateMay 24

Description

In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/ambari2.6.2.2

▶CVEListV5apache_software_foundation/apache_ambariApache Ambari — 2.6.2.2

🔴Vulnerability Details

GHSA

GHSA-vh54-r2r8-v2g2: In Apache Ambari versions 2↗2022-05-24

▶

CVEList

CVE-2020-13924: In Apache Ambari versions 2↗2021-03-17

▶