In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-02-13T16:27:28.694Z

Reserved: 2020-06-08T00:00:00.000Z

Link: CVE-2020-13924

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-17T09:15:11.983

Modified: 2024-11-21T05:02:09.543

Link: CVE-2020-13924

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.