{"id":"CVE-2017-5655","details":"In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.","modified":"2026-07-08T10:55:27.985664Z","published":"2017-05-15T14:29:00.213Z","references":[{"type":"ADVISORY","url":"https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3"},{"type":"ADVISORY","url":"https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/ambari","events":[{"introduced":"08c6c18907d8f35cce55eeaf9123db19fe34ce10"},{"last_affected":"70b4ba403dd7e890d7fcc5964b1cd231ee6e98c0"}],"database_specific":{"source":"CPE_STRING","cpe":["cpe:2.3:a:apache:ambari:2.2.2:*:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.2.2:rc0:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.2.2:rc1:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.4.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.4.0:rc0:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.4.1:*:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.4.1:rc1:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.4.1:rc0:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.4.2:*:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.4.2:rc1:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.4.2:rc0:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.5.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.5.0:rc2:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.5.0:rc0:*:*:*:*:*:*","cpe:2.3:a:apache:ambari:2.5.0:rc1:*:*:*:*:*:*"],"extracted_events":[{"introduced":"2.2.2"},{"last_affected":"2.2.2"},{"introduced":"2.2.2-rc0"},{"last_affected":"2.2.2-rc0"},{"introduced":"2.2.2-rc1"},{"last_affected":"2.2.2-rc1"},{"introduced":"2.4.0"},{"last_affected":"2.4.0"},{"introduced":"2.4.0-rc0"},{"last_affected":"2.4.0-rc0"},{"introduced":"2.4.1"},{"last_affected":"2.4.1"},{"introduced":"2.4.1-rc1"},{"last_affected":"2.4.1-rc1"},{"introduced":"2.4.1-rc0"},{"last_affected":"2.4.1-rc0"},{"introduced":"2.4.2"},{"last_affected":"2.4.2"},{"introduced":"2.4.2-rc1"},{"last_affected":"2.4.2-rc1"},{"introduced":"2.4.2-rc0"},{"last_affected":"2.4.2-rc0"},{"introduced":"2.5.0"},{"last_affected":"2.5.0"},{"introduced":"2.5.0-rc2"},{"last_affected":"2.5.0-rc2"},{"introduced":"2.5.0-rc0"},{"last_affected":"2.5.0-rc0"},{"introduced":"2.5.0-rc1"},{"last_affected":"2.5.0-rc1"}]}}],"versions":["2.2.2","2.2.2-rc0","2.2.2-rc1","2.4.0","2.4.1","2.4.1-rc0","2.4.2","2.4.2-rc0","2.5.0","2.5.0-rc0","2.5.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5655.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}