Description

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

Remediation

References

http://www.securityfocus.com/bid/104869

https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042

Related Vulnerabilities

CVE-2021-21120 Vulnerability in npm package electron

CVE-2023-29924 Vulnerability in maven package tech.powerjob:powerjob

CVE-2020-5421 Vulnerability in maven package org.springframework:spring-web

CVE-2014-8110 Vulnerability in maven package org.apache.activemq:activemq-web-console

CVE-2018-1999027 Vulnerability in maven package org.jenkins-ci.plugins:saltstack

Severity

Critical

Classification

CWE-209 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Vendor Advisory