The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Apache
Ambari
NVD
CVSS 3.0
3.3
EPSS
0.1%