Description

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

Remediation

References

http://www.securityfocus.com/bid/104869

https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042

Related Vulnerabilities

CVE-2023-6291 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2021-23267 Vulnerability in maven package org.craftercms:crafter-engine

CVE-2018-10054 Vulnerability in maven package com.h2database:h2

CVE-2023-25768 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

CVE-2023-24423 Vulnerability in maven package com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger

Severity

Critical

Classification

CWE-209 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Vendor Advisory