High severity7.5NVD Advisory· Published May 12, 2017· Updated May 13, 2026

CVE-2017-5654

Description

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

Affected products

Apache/Ambari3 versions
cpe:2.3:a:apache:ambari:2.4.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:apache:ambari:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:2.5.0:*:*:*:*:*:*:*
Apache Software Foundation/Apache Ambariv5
Range: 2.4.0 through 2.4.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cwiki.apache.org/confluence/display/AMBARI/Ambari+VulnerabilitiesnvdVendor Advisory
cwiki.apache.org/confluence/display/AMBARI/Ambari+VulnerabilitiesnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000