CVE-2016-6807 – org.apache.ambari:ambari
Package
Manager: maven
Name: org.apache.ambari:ambari
Vulnerable Version: >=2.4.0 <2.4.2
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00841 (percentile 0.73858)
Details
Apache Ambari Improper Access Control
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.
Metadata
Created: 2022-05-17T02:51:56Z
Modified: 2023-11-07T17:56:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j76q-99x2-v7vq/GHSA-j76q-99x2-v7vq.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-j76q-99x2-v7vq
Finding: F039
Auto approve: 1