What is CVE-2018-8042?

CVE-2018-8042 is a high-severity vulnerability in Apache Ambari, classified under Generation of Error Message Containing Sensitive Information. CVSS score: 8.1/10. Published 2018-07-18.

How severe is CVE-2018-8042?

High severity. CVSS v3 base score is 8.1 out of 10.

Information disclosure in Apache Ambari

CVE-2018-8042

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

EPSS: 0.018 (75.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Apache Ambari
Apache Software Foundation Ambari — versions 2.5.0 to 2.6.2

Weakness classification (CWE)

CWE-209 — Generation of Error Message Containing Sensitive Information

References

security@apache.org (vdb-entry, Broken Link, x_refsource_BID)
security@apache.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2018-8042?: CVE-2018-8042 is a high-severity vulnerability in Apache Ambari, classified under Generation of Error Message Containing Sensitive Information. CVSS score: 8.1/10. Published 2018-07-18.
How severe is CVE-2018-8042?: High severity. CVSS v3 base score is 8.1 out of 10.