CVE-2018-8003 Information

Feb 14, 2021 cve

Description

Apache Ambari versions 1.4.0 to 2.6.1 is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. Direct network access to the Ambari Server is required to issue this request and those Ambari Servers that are protected behind a firewall or in a restricted network zone are at less risk of being affected by this issue.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/104161 https://cwiki.apache.org/confluence/display/AMBARI/Ambari+VulnerabilitiesAmbariVulnerabilities-CVE-2018-8003

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3

Share on: