CVE-2016-6807

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6807

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6807.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-6807

Aliases

GHSA-j76q-99x2-v7vq

Published

2017-03-28T20:59:00Z

Modified

2024-09-03T01:24:52.949435Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.

References

Affected packages

Git / github.com/apache/ambari

Affected ranges

Type: GIT
Repo: https://github.com/apache/ambari
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

3689a8db02a2dbb7814490a0aba20e7de3771c0e

Last affected

8f1b8c5f7275d39508ffb2a0fd60b7592447f863

Affected versions

release-2.*

release-2.4.0

release-2.4.0-rc0