4. Common Vulnerabilities and Exposures
Ambari 2.2.1.0 includes fixes for the following information-security Common Vulnerabilities and Exposures (CVEs):
CVE-2016-0731: Restrict file:// access through Ambari File Browser View
Severity: Important
Vendor: Hortonworks
Versions Affected: Ambari 2.2.0 and All Ambari 2.1.x releases
Users Affected: All users of the Ambari File Browser View.
Impact: : See BUG-51550 and AMBARI-14780. An Ambari Administrator can configure the Ambari File Browser View to access local files by entering a file:// value as the WebHDFS URL configuration setting.
Recommended Action: Upgrade to Ambari 2.2.1.