CVE-2020-13924

Description

In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.

Affected Software
References

Software	From	Fixed in
apache / ambari	-	2.6.2.2.x

https://mail-archives.apache.org/mod_mbox/ambari-user/202102.mbox/%3CCAEJYuxEQZ_aPwJdAaSxPu-Dva%3Dhc7zZUx3-pzBORbd23g%2BGH1A%40mail.gmail.com%3E

Severity: High

CVE: CVE-2020-13924
Published: Mar 17, 2021
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-22

A5 - Broken Access Control

CVE-2020-13924

Description

Details

CVSS v3

CVSS v2

CWEs

OWASP TOP 10