Vulnerabilities > Apache > Ambari > 2.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-17 | CVE-2020-13924 | Path Traversal vulnerability in Apache Ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 7.5 |
| 2021-03-02 | CVE-2020-1936 | Cross-site Scripting vulnerability in Apache Ambari A cross-site scripting issue was found in Apache Ambari Views. | 6.1 |
| 2018-05-03 | CVE-2018-8003 | Path Traversal vulnerability in Apache Ambari Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. | 5.3 |
| 2017-05-15 | CVE-2017-5655 | Information Exposure vulnerability in Apache Ambari In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. | 6.5 |
| 2017-04-03 | CVE-2017-5642 | Incorrect Default Permissions vulnerability in Apache Ambari 2.4.0/2.4.1/2.4.2 During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | 9.8 |