{"id":"CVE-2016-4976","details":"Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.","aliases":["GHSA-q3pw-6vf2-66hf"],"modified":"2026-04-10T03:51:31.389009Z","published":"2017-03-29T20:59:00.247Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97229"},{"type":"REPORT","url":"https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/ambari","events":[{"introduced":"0"},{"last_affected":"b5c6ea2e7fb64bca8bdf6c7ab63158dec09a1036"},{"introduced":"0"},{"last_affected":"fc7f513a3f03313d6a3b39bf2ef082ccd6695524"},{"introduced":"0"},{"last_affected":"dc223c33879f789993cf5c18c1f854ff4c603d00"},{"introduced":"0"},{"last_affected":"dd69b547b5458ae34ec0d4738f388611fe651460"},{"introduced":"0"},{"last_affected":"8239e4df65a0d95a8fd06e624d34e87596f0bbe5"},{"introduced":"0"},{"last_affected":"c1d56c3bf43bb9bd10e4cf14f4720049f7697fec"},{"introduced":"0"},{"last_affected":"9a9ecca7809c57e16cfe273c3e7b6df7f63a47c7"},{"introduced":"0"},{"last_affected":"08c6c18907d8f35cce55eeaf9123db19fe34ce10"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0"},{"introduced":"0"},{"last_affected":"2.0.2"},{"introduced":"0"},{"last_affected":"2.1.0"},{"introduced":"0"},{"last_affected":"2.1.1"},{"introduced":"0"},{"last_affected":"2.1.2"},{"introduced":"0"},{"last_affected":"2.2.0"},{"introduced":"0"},{"last_affected":"2.2.1"},{"introduced":"0"},{"last_affected":"2.2.2"}]}}],"versions":["2.1.3_to_2.2.0_rename","Ambari-2.1.0-tag","release-2.0.0","release-2.0.0-rc0","release-2.0.0-rc1","release-2.0.0-rc2","release-2.0.0-rc3","release-2.0.0-rc4","release-2.0.1-rc0","release-2.0.2","release-2.0.2-rc0","release-2.0.2-rc1","release-2.0.2-rc2","release-2.1.0","release-2.1.0-rc0","release-2.1.0-rc1","release-2.1.1","release-2.1.1-rc0","release-2.1.2","release-2.1.2-rc0","release-2.1.2-rc1","release-2.1.2-rc2","release-2.1.2-rc3","release-2.2.0","release-2.2.0-rc0","release-2.2.0-rc1","release-2.2.1","release-2.2.1-rc0","release-2.2.1-rc1","release-2.2.1-rc2","release-2.2.2","release-2.2.2-rc0","release-2.2.2-rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4976.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}