Local User Information Exposure in Apache Ambari
CVE-2016-4976

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Ambari
Vendor: CVE Published:; 29 March 2017

Summary

Apache Ambari versions prior to 2.4.0 reveal KDC administrator passwords in the command line of the kadmin tool. This flaw enables local users to extract sensitive information through process listings, potentially compromising authentication mechanisms. Proper handling and sanitization of command line input are crucial to mitigate this vulnerability.

References

https://cwiki.apache.org/confluence/display/AMBARI/Ambari...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97229

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2017
Vulnerability Reserved
May 24, 2016