Date: Wed, 18 Jul 2018 09:57:37 -0400
From: Robert Levas <rlevas@...che.org>
To: oss-security@...ts.openwall.com
Cc: private@...ari.apache.org
Subject: CVE-2018-8042: Passwords for Hadoop credential stores are visible in
 Ambari Agent standard out in Apache Ambari

CVE-2018-8042: Passwords for Hadoop credential stores are visible in Ambari Agent standard out 

Severity: Important

Vendor: Hortonworks

Versions Affected: Ambari 2.5.x, Ambari 2.6.x

Versions Fixed: Ambari 2.7.0

Description:
Passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services, for example, Hive and Oozie.

Mitigation:
Ambari 2.5.x installations should be upgraded to Ambari 2.7.0.
Ambari 2.6.x installations should be upgraded to Ambari 2.7.0.

Credit:
This issue was discovered by Hortonworks.
