4. Common Vulnerabilities and Exposures

Ambari includes fixes for the following information-security Common Vulnerabilities and Exposures (CVEs):

Fixed in Ambari 2.2.1

CVE-2016-0731: Restrict file:// access through Ambari File Browser View

Severity: Important

Vendor: Hortonworks

Versions Affected: Ambari 2.2.0 and All Ambari 2.1.x releases

Users Affected: All users of the Ambari File Browser View.

Impact: : See BUG-51550 and AMBARI-14780. An Ambari Administrator can configure the Ambari File Browser View to access local files by entering a file:// value as the WebHDFS URL configuration setting.

Recommended Action: Upgrade to Ambari 2.2.1.