Description

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

Remediation

References

http://www.securityfocus.com/bid/104869

https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042

Related Vulnerabilities

CVE-2022-34194 Vulnerability in maven package org.jenkins-ci.plugins:readonly-parameters

CVE-2023-41046 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2018-20677 Vulnerability in npm package bootstrap-sass

CVE-2015-1806 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-49804 Vulnerability in npm package uptime-kuma

Severity

Critical

Classification

CWE-209 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Vendor Advisory