CVE-2016-4976 org.apache.ambari:ambari

Package

Manager: maven
Name: org.apache.ambari:ambari
Vulnerable Version: >=2.0.0 <2.4.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00082 (percentile: 0.24869)

Details

Apache Ambari reveals administrator passwords

Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.

Metadata

Created: 2022-05-17T02:52:22Z
Modified: 2023-11-07T17:57:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q3pw-6vf2-66hf/GHSA-q3pw-6vf2-66hf.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-q3pw-6vf2-66hf
Finding: F038
Auto approve: 1