CVE-2020-13924: Apache Ambari Arbitrary File Download Vulnerability Alert
Apache Ambari is a software project of the Apache Software Foundation. Ambari enables system administrators to provision, manage and monitor a Hadoop cluster, and also to integrate Hadoop with the existing enterprise infrastructure. Ambari was a sub-project of Hadoop but is now a top-level project in its own right.
This vulnerability is mainly due to the use of “String requestURI = httpRequest.getRequestURI();” in the authentication filter (org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter)：
Because when the web server processes the request, when accessing a path like “/everyone-has-permission path/..;/admin-has-permission-path”, the web server will return the resource “admin-has-permission- path”,
but “httpRequest.getRequestURI()” in the filter will return the path “/everyone-has-permission-path/..;/admin-has-permission-path”, so in the following code Will result in permission to pass the match：
In fact, when I need to access the api under “/users.*”, I only need to use “/bootstrap/..;/users” to bypass certain authentication checks.
Of course, the APIs under “users.*” may require certain permissions to access, but this is just an example, which means that in this way, you will be able to bypass the authentication check to access other APIs that require authentication to access.
- Apache Ambari <= 184.108.40.206
The affected users are requested to upgrade to the unaffected version as soon as possible.