mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
184 lines
6.2 KiB
JSON
184 lines
6.2 KiB
JSON
{
|
|
"id": "CVE-2017-5655",
|
|
"sourceIdentifier": "security@apache.org",
|
|
"published": "2017-05-15T14:29:00.213",
|
|
"lastModified": "2017-05-23T03:00:27.383",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En Ambari desde la versi\u00f3n 2.2.2 hasta la 2.4.2 y en la 2.5.0, puede darse el caso de que haya datos sensibles almacenados en archivos temporales en el host del servidor de Ambari. Cualquier usuario autenticado en el host puede leer los archivos temporales."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": true,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "40ED1582-73DA-4CFE-9B2A-765A464FB205"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.2.2:rc0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E6EA965D-7D10-4C4E-A4A7-762538BDFEB0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.2.2:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "37DCE19A-294D-4384-92CB-42B36F759F82"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "243741C6-FCA5-4E8F-93A6-033144214F31"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.4.0:rc0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8185C0EB-4BF3-41EF-AD85-3A7AFFFAD9F3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "114B2179-C5A7-4802-9A3C-580BF8153285"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.4.1:rc0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9046DB2D-E7DF-434C-BE67-759BD85E0B08"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.4.1:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9ECC970E-2645-4B03-9E28-16359C5022BF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.4.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9668FD5A-C08E-403B-8B6F-04FFA3C6296D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.4.2:rc0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "699F0806-D841-4955-A101-448E3DC62E8E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.4.2:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "27C40CB9-5E15-481F-9519-01820C348039"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C282AEEA-8E12-4B62-8535-B23EFFA0D188"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.5.0:rc0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7DA49EF4-F633-401D-AE87-569E85ABC0FE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.5.0:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7CBBC4A8-AD6B-4B9D-ADAB-2DD436993260"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:ambari:2.5.0:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2DCBCECF-6079-4330-8BB2-CAD56B938997"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |