Description

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

Remediation

References

https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042

http://www.securityfocus.com/bid/104869

Related Vulnerabilities

CVE-2022-36060 Vulnerability in npm package matrix-react-sdk

CVE-2022-31679 Vulnerability in maven package org.springframework.data:spring-data-rest-webmvc

CVE-2022-22979 Vulnerability in maven package org.springframework.cloud:spring-cloud-function-context

CVE-2021-21633 Vulnerability in maven package org.jenkins-ci.plugins:dependency-track

CVE-2021-21118 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-209 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Broken Link