From d5e71c660aba851c7ceb8f6b0fe83a4df146c68d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 18 Jul 2018 10:07:50 -0400 Subject: [PATCH] - Added submission from Apache Ambari from 2018-07-18. --- 2018/8xxx/CVE-2018-8042.json | 49 +++++++++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 3 deletions(-) diff --git a/2018/8xxx/CVE-2018-8042.json b/2018/8xxx/CVE-2018-8042.json index b0e1b03f5c3..334372932a4 100644 --- a/2018/8xxx/CVE-2018-8042.json +++ b/2018/8xxx/CVE-2018-8042.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@apache.org", + "DATE_PUBLIC" : "2018-07-18T00:00:00", "ID" : "CVE-2018-8042", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Ambari", + "version" : { + "version_data" : [ + { + "version_value" : "2.5.0 to 2.6.2" + } + ] + } + } + ] + }, + "vendor_name" : "Apache Software Foundation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042" } ] }