https://bugzilla.redhat.com/show_bug.cgi?id=1273028
Bug ID: 1273028
Summary: CVE-2015-5210 CVE-2015-3186 CVE-2015-3270 CVE-2015-1775 Apache Ambari: multiple flaws fixed in 2.1.2
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: java-sig-commits(a)lists.fedoraproject.org, me(a)coolsvap.net, moceap(a)hotmail.com, pmackinn(a)redhat.com
Four flaws were reported in Apache Ambari:
CVE-2015-5210: Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits
Versions Affected: 1.7.0 to 2.1.1
Versions Fixed: 2.1.2
Description: A redirect to an untrusted server is possible via unvalidated input that specifies a redirect URL upon successful login.
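The defensive counterpart to the flaw described above is a strict check on the post-login redirect target. The following is an added illustration written for this note, not Ambari's code: the parameter name targetURI comes from the advisory, while the helper name safe_redirect_target, the fallback landing page and the host allowlist are assumptions. It accepts only absolute-path references on the application itself, or absolute http(s) URLs whose host is explicitly allowed, and rejects the scheme-relative, backslash and non-http forms that commonly slip past naive "starts with /" checks.

```python
"""Post-login redirect validation (added example, not Ambari code).

The advisory names the `targetURI` parameter; the function name, the fallback
landing page and the allowlist are assumptions made for this illustration.
"""
from typing import Collection, Optional
from urllib.parse import urlsplit, urlunsplit

DEFAULT_LANDING = "/"  # assumed fallback used whenever the supplied target is rejected


def safe_redirect_target(target_uri: Optional[str],
                         allowed_hosts: Collection[str] = frozenset()) -> str:
    """Return a redirect target that stays on this application.

    Accepted: absolute-path references such as "/dashboard?x=1", and absolute
              http/https URLs whose host is listed in allowed_hosts.
    Rejected: scheme-relative targets ("//evil.example"), backslash variants
              ("/\\evil.example", which browsers normalise to "//"), non-http
              schemes ("javascript:"), bare relative paths, values containing
              whitespace or control characters, and any host not allowed.
              Rejected values fall back to DEFAULT_LANDING.
    """
    if not target_uri:
        return DEFAULT_LANDING
    # Control characters and whitespace are where parsers and browsers
    # disagree (and where header injection hides), so refuse them outright.
    if any(ord(ch) <= 0x20 for ch in target_uri):
        return DEFAULT_LANDING
    # Treat backslashes as slashes so "/\\host" is parsed as "//host" below.
    normalised = target_uri.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require exactly one leading slash. urlsplit has
        # already moved any "//host" prefix into netloc, so only "/path" forms
        # reach this branch; a bare "dashboard" is rejected because it would be
        # resolved relative to the login page.
        if normalised.startswith("/") and not normalised.startswith("//"):
            return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
        return DEFAULT_LANDING
    # Absolute URL: only http(s) to a host we explicitly trust. parts.hostname is
    # the lowercased host without userinfo or port, so "trusted@evil" and
    # "evil#@trusted" tricks resolve to the attacker's host and are rejected.
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return urlunsplit(parts)
    return DEFAULT_LANDING


if __name__ == "__main__":
    for candidate in ["/dashboard?x=1", "//evil.example/", "/\\evil.example",
                      "javascript:alert(1)", "https://evil.example/", "dashboard"]:
        print(f"{candidate!r:30} -> {safe_redirect_target(candidate)!r}")
```

The allowlist path is only needed when the login page legitimately hands users to another trusted origin; for a single-host deployment, leaving allowed_hosts empty means every absolute URL is replaced by the landing page.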
CVE-2015-3186: Apache Ambari XSS vulnerability
Versions Affected: 1.7.0 to 2.0.2
Versions Fixed: 2.1.0
Description: Ambari allows authenticated cluster operator users to specify arbitrary text as a note when saving configuration changes. This note field is rendered as is (unescaped HTML). This exposes opportunities for XSS.
CVE-2015-3270: A non-administrative user can escalate themselves to have administrative privileges remotely
Versions Affected: 1.7.0, 2.0.0, 2.0.1, 2.1.0
Versions Fixed: 2.0.2, 2.1.1
Description: An authenticated user can remotely escalate his/her permissions to administrative level. This can escalate their privileges for access through the API as well as from the UI.
CVE-2015-1775: Apache Ambari Server Side Request Forgery vulnerability
Versions Affected: 1.5.0 to 2.0.2
Versions Fixed: 2.1.0
Description: Ambari exposes a proxy endpoint through "api/v1/proxy" that can be used to make REST calls to an arbitrary host:port that is accessible from the Ambari server host. The ability to make these calls is limited to Ambari authenticated users only. In addition, a user needs to be an Ambari admin user to make the REST calls using METHODs other than GET (non-admin users can only call GET). This ability to call allows malicious users to perform port scans and/or access unsecured services visible to the Ambari Server host through the proxy endpoint. In addition, Ambari provides a utility to handle such proxy calls that are used by View instances hosted by Ambari.
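A proxy that forwards to any host:port reachable from the server is the SSRF pattern the description above outlines; the mitigation is an explicit allowlist of upstreams, not a denylist of addresses. The check below is an added illustration written for this note and is not Ambari's code: the endpoint name api/v1/proxy and the admin-only rule for non-GET methods come from the advisory, while the function name check_proxy_request, the (host, port) allowlist and its constructed entries, and the reason strings are assumptions.

```python
"""Upstream allowlist check for a REST proxy endpoint (added example, not
Ambari code). The endpoint name "api/v1/proxy" and the rule that non-admin
users may only use GET come from the advisory; everything else is assumed.
"""
from typing import Collection, Tuple
from urllib.parse import urlsplit

# Constructed allowlist of (host, port) pairs the proxy may reach, e.g. the
# services that registered View instances actually need.
ALLOWED_UPSTREAMS: Collection[Tuple[str, int]] = frozenset({
    ("namenode.internal", 50070),
    ("yarn-rm.internal", 8088),
})


def check_proxy_request(method: str, url: str, is_admin: bool,
                        allowed: Collection[Tuple[str, int]] = ALLOWED_UPSTREAMS
                        ) -> Tuple[bool, str]:
    """Decide whether a proxied request may be forwarded.

    Returns (permitted, reason). Anything not on the explicit (host, port)
    allowlist is refused, so the proxy cannot be used to probe ports or reach
    unsecured services on the server's network; non-admin users are further
    limited to GET, mirroring the rule stated in the advisory.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname  # lowercased, without userinfo or port
    if host is None:
        return False, "missing host"
    try:
        port = parts.port  # raises ValueError for non-numeric or out-of-range ports
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if (host, port) not in allowed:
        return False, "upstream not on allowlist"
    if method.upper() != "GET" and not is_admin:
        return False, "non-GET requires admin"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests as they might arrive at api/v1/proxy.
    samples = [
        ("GET", "http://namenode.internal:50070/jmx", False),
        ("GET", "http://namenode.internal:22/", False),
        ("GET", "http://127.0.0.1:8080/api/v1/users", True),
        ("POST", "http://yarn-rm.internal:8088/ws/v1/cluster/apps", False),
        ("POST", "http://yarn-rm.internal:8088/ws/v1/cluster/apps", True),
    ]
    for method, url, admin in samples:
        print(method, url, "admin" if admin else "user", "->", check_proxy_request(method, url, admin))
```

Because the allowlist is keyed by hostname, the forwarding code should connect to the address the allowed name resolves to at request time rather than re-resolving from user input, and should not follow upstream redirects, otherwise a 3xx from an allowed service can still steer the proxy elsewhere.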
External References:
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities