Description
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.
Remediation
References
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042
http://www.securityfocus.com/bid/104869
Related Vulnerabilities
CVE-2011-4905 Vulnerability in maven package activemq:activemq-core
CVE-2023-6291 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2022-28731 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2019-10297 Vulnerability in maven package org.jenkins-ci.plugins:sametime
CVE-2018-1273 Vulnerability in maven package org.springframework.data:spring-data-commons