CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.ambari:ambari | maven | >= 2.0.0, < 2.4.0 | 2.4.0 |
The vulnerability stems from Ambari passing the KDC admin password to kadmin as a cleartext command-line argument. Command-line arguments are not private: any local user on the host can read them for the lifetime of the process through `ps` or `/proc/<pid>/cmdline`, so the password was exposed every time Ambari invoked kadmin. The CVE description states that the fix in 2.4.0 switched to supplying the credential via STDIN, which only the child process can read. The most likely location of the flaw is the Kerberos management code that drives kadmin. The exact pre-fix code is not reproduced here, but the pattern matches the common Java idiom of building the command with Runtime.exec() or ProcessBuilder and appending the password as an argument. KerberosServerAction is a known Ambari component for Kerberos operations, which makes it a high-confidence candidate for where the vulnerable invocation lived.
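The two invocation patterns side by side, as an added example that is not Ambari's own code: the pre-2.4.0 style with the KDC admin password in kadmin's argv, and the 2.4.0 style with the password written to kadmin's stdin. The `-p`, `-w` and `-q` flags are MIT krb5 kadmin's; the principal, password, query and the stand-in child process are constructed for the demo so it runs without a KDC, and `argv_exposes` is a helper written here, not an Ambari API.

```python
# Added example, not Ambari code. Contrasts a KDC admin password handed to
# kadmin on the command line (readable by every local user via ps or
# /proc/<pid>/cmdline while kadmin runs) with the same password fed through a
# stdin pipe only the child can read. Credentials and the stand-in kadmin are
# constructed for the demo; kadmin's -p/-w/-q flags are MIT krb5's.
import subprocess
import sys

# Stand-in for kadmin used by demo(): prints its argv the way `ps -o args`
# would show it to any local user, then echoes the line it read on stdin.
FAKE_KADMIN = (
    "import sys\n"
    "print('ps -o args:', ' '.join(['kadmin'] + sys.argv[1:]))\n"
    "print('stdin:', sys.stdin.readline().strip())\n"
)


def kadmin_argv_with_password(principal, password, query, kadmin=("kadmin",)):
    """Pre-2.4.0 pattern: -w puts the cleartext password into argv, where it is
    readable by every local user for as long as kadmin runs."""
    return list(kadmin) + ["-p", principal, "-w", password, "-q", query]


def kadmin_argv_stdin(principal, query, kadmin=("kadmin",)):
    """2.4.0 pattern: no -w. kadmin prompts for the password and reads the
    answer from stdin, which run_kadmin() supplies through a pipe."""
    return list(kadmin) + ["-p", principal, "-q", query]


def argv_exposes(argv, secret):
    """Check any argv before launching or logging it: True if the secret
    appears in the command line, including embedded in a longer argument."""
    return any(secret in arg for arg in argv)


def run_kadmin(argv, stdin_text="", timeout=60):
    """Run kadmin with stdin_text written to its stdin and stdin then closed,
    so an unexpected prompt fails fast instead of hanging. Output is captured
    rather than echoed, so an error message cannot spill the secret to a tty."""
    return subprocess.run(
        argv, input=stdin_text, capture_output=True, text=True, timeout=timeout
    )


def demo(principal="admin/admin@EXAMPLE.COM", password="s3cr3t-kdc-pw",
         query="listprincs"):
    """Run both patterns against the stand-in kadmin and report what a process
    listing shows for each, plus whether the stdin pattern delivered the
    password to the child."""
    stand_in = (sys.executable, "-c", FAKE_KADMIN)
    leaky = kadmin_argv_with_password(principal, password, query, kadmin=stand_in)
    safe = kadmin_argv_stdin(principal, query, kadmin=stand_in)
    leaky_out = run_kadmin(leaky).stdout.splitlines()
    safe_out = run_kadmin(safe, stdin_text=password + "\n").stdout.splitlines()
    return {
        "leaky_argv_exposes": argv_exposes(leaky, password),
        "safe_argv_exposes": argv_exposes(safe, password),
        "ps_leaky": leaky_out[0],
        "ps_safe": safe_out[0],
        "child_got_password": safe_out[1] == "stdin: " + password,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Moving the password to stdin closes the `ps` window but does not make the secret disappear: it is still held in the Ambari server process and in whatever configuration store it was read from, and any debug logging of the command being launched must be checked with something like `argv_exposes` (or redacted) so the fix is not undone by a log line.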