CVE-2020-13924
published 2021-03-17CVE-2020-13924: In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ambari | <= 2.6.2.2 | — |
| apache_software_foundation | apache_ambari | Apache Ambari – 2.6.2.2 | — |