Lucene search

GitHub Advisory DatabaseGHSA-9G2J-5685-H44H

HistoryMay 17, 2022 - 4:03 a.m.

Apache Ambari SSRF Vulnerability

2022-05-1704:03:11

CWE-918

GitHub Advisory Database

github.com

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

65.7%

JSON

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.

Affected configurations

Vulners

Node

org.apache.ambari\Matchambari

CPENameOperatorVersion
org.apache.ambari:ambarige1.5.0
org.apache.ambari:ambarilt2.1.0

CPE	Name	Operator	Version
	org.apache.ambari:ambari	ge	1.5.0
	org.apache.ambari:ambari	lt	2.1.0

References

www.openwall.com/lists/oss-security/2015/10/13/2

cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.1.0

github.com/advisories/GHSA-9g2j-5685-h44h

nvd.nist.gov/vuln/detail/CVE-2015-1775

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for GHSA-9G2J-5685-H44H