oss-sec mailing list archives
CVE-2018-8042: Passwords for Hadoop credential stores are visible in Ambari Agent standard out in Apache Ambari
From: Robert Levas <rlevas () apache org>
Date: Wed, 18 Jul 2018 09:57:37 -0400
CVE-2018-8042: Passwords for Hadoop credential stores are visible in Ambari Agent standard out Severity: Important Vendor: Hortonworks Versions Affected: Ambari 2.5.x, Ambari 2.6.x Versions Fixed: Ambari 2.7.0 Description: Passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie. Mitigation: Ambari 2.5.x installations should be upgraded to Ambari 2.7.0 Ambari 2.6.x installations should be upgraded to Ambari 2.7.0 Credit: This issue was discovered by Hortonworks.
Current thread:
- CVE-2018-8042: Passwords for Hadoop credential stores are visible in Ambari Agent standard out in Apache Ambari Robert Levas (Jul 18)