Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104869 | Broken Link |
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-CVE-2018-8042 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2018-07-18T00:00:00
Updated: 2018-07-24T09:57:01
Reserved: 2018-03-09T00:00:00
Link: CVE-2018-8042
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-07-18T15:29:00.437
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-8042
JSON object: View
Redhat Information
No data.
CWE