Bug 1273028 - (CVE-2015-1775, CVE-2015-3186, CVE-2015-3270, CVE-2015-5210) CVE-2015-5210 CVE-2015-3186 CVE-2015-3270 CVE-2015-1775 Apache Ambari: multiple flaws fixed in 2.1.2
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 1273029
Reported: 2015-10-19 08:26 EDT by Martin Prpič
Modified: 2015-10-19 14:51 EDT

Fixed In Version: ambari 2.1.2
Doc Type: Bug Fix
Description Martin Prpič 2015-10-19 08:26:28 EDT
Four flaws were reported in Apache Ambari:

CVE-2015-5210: Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits
Versions Affected: 1.7.0 to 2.1.1
Versions Fixed: 2.1.2
Description: A redirect to an untrusted server is possible via unvalidated input that specifies a redirect URL upon successful login.

CVE-2015-3186: Apache Ambari XSS vulnerability
Versions Affected: 1.7.0 to 2.0.2
Versions Fixed: 2.1.0
Description: Ambari allows authenticated cluster operator users to specify arbitrary text as a note when saving configuration changes. This note field is rendered as is (unescaped HTML). This exposes opportunities for XSS.

CVE-2015-3270: A non-administrative user can escalate themselves to have administrative privileges remotely
Versions Affected: 1.7.0, 2.0.0, 2.0.1, 2.1.0
Versions Fixed: 2.0.2, 2.1.1
Description: An authenticated user can remotely escalate his/her permissions to administrative level. This can escalate their privileges for access through the API as well as from the UI.

CVE-2015-1775: Apache Ambari Server Side Request Forgery vulnerability
Versions Affected: 1.5.0 to 2.0.2
Versions Fixed: 2.1.0
Description: Ambari exposes a proxy endpoint through "api/v1/proxy" that can be used to make REST calls to an arbitrary host:port that is accessible from the Ambari server host. The ability to make these calls is limited to Ambari-authenticated users only. In addition, a user needs to be an Ambari admin user to make the REST calls using METHODs other than GET (non-admin users can only call GET). This ability allows malicious users to perform port scans and/or access unsecured services visible to the Ambari Server host through the proxy endpoint. In addition, Ambari provides a utility to handle such proxy calls that are used by View instances hosted by Ambari.

External References:
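Two of the four flaws above, the post-login redirect (CVE-2015-5210) and the api/v1/proxy relay (CVE-2015-1775), come down to the server trusting a caller-supplied URL. The following is an added example, not Ambari's code and not part of the report: it shows the two input checks a fix for each needs, a same-origin check on the redirect target and an explicit host:port allowlist for the proxy. The function names, parameter names, the `app_base` URL and the hosts in `CLUSTER_SERVICES` are this example's own assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Example code added to illustrate the two URL-handling flaws in the report;
# it is not Ambari's code.  Function and parameter names and the hosts used
# below are this example's own assumptions.


def safe_redirect_target(target_uri, app_base):
    """Return a post-login redirect that stays on app_base, or "/" otherwise.

    Without this check a targetURI such as "//evil.example/login" or
    "http://evil.example/" is handed straight to the browser after a
    successful login, which is the phishing setup CVE-2015-5210 describes.
    Resolving the value against the application's own base URL and
    comparing scheme and host catches absolute-URL, scheme-relative and
    backslash variants alike.
    """
    if not target_uri:
        return "/"
    # Browsers treat "\" as "/" in URLs, so "/\evil.example" would otherwise
    # parse here as a local path but be sent to evil.example by the client.
    candidate = target_uri.replace("\\", "/")
    resolved = urlsplit(urljoin(app_base, candidate))
    base = urlsplit(app_base)
    if (resolved.scheme, resolved.netloc) != (base.scheme, base.netloc):
        return "/"
    # Re-emit only path and query so no scheme or host can reach the client.
    path = resolved.path or "/"
    return path + ("?" + resolved.query if resolved.query else "")


def proxy_target_allowed(url, allowlist):
    """True only if url points at a (host, port) pair in the explicit allowlist.

    CVE-2015-1775 is an open proxy: api/v1/proxy would relay a request to any
    host:port the Ambari server could reach.  An allowlist of the cluster
    services the views genuinely need is the robust fix; a blocklist of
    private address ranges is bypassed by DNS names, redirects and
    alternative IP encodings.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        return False
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return (host, port) in allowlist


# Constructed allowlist for illustration: two cluster services a view needs.
CLUSTER_SERVICES = {("namenode.example", 50070), ("resourcemanager.example", 8088)}

if __name__ == "__main__":
    base = "https://ambari.example:8080/"
    for t in ["/dashboard", "//evil.example/", "http://evil.example/", "/\\evil.example"]:
        print(repr(t), "->", safe_redirect_target(t, base))
    for u in ["http://namenode.example:50070/jmx", "http://127.0.0.1:22/", "file:///etc/passwd"]:
        print(u, "->", proxy_target_allowed(u, CLUSTER_SERVICES))
```

The redirect check deliberately returns only a path and query rather than echoing the caller's string, so a value that passed the comparison cannot still smuggle a host through an encoding the parser and the browser disagree on. For the proxy, the allowlist keys on the exact (host, port) pair because the report's concern is port scanning of the server's network neighbourhood: allowing a host without pinning its port would leave every other service on that host reachable.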

Comment 1 Martin Prpič 2015-10-19 08:27:13 EDT
Created ambari tracking bugs for this issue:

Affects: fedora-all [bug 1273029]
