[ https://issues.apache.org/jira/browse/AMBARI-20825?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juanjo Marron updated AMBARI-20825: ----------------------------------- Attachment: AMBARI-20825.patch > check_ambari_permissions.py does not run for all the files and directories > listed > --------------------------------------------------------------------------------- > > Key: AMBARI-20825 > URL: https://issues.apache.org/jira/browse/AMBARI-20825 > Project: Ambari > Issue Type: Bug > Affects Versions: 2.5.0, 2.4.2 > Reporter: Juanjo Marron > Assignee: Juanjo Marron > Fix For: 2.5.0 > > Attachments: AMBARI-20825.patch > > > ambari-server/src/main/resources/scripts/check_ambari_permissions.py script > introduced in branch 2.5.0 and published here > (https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0) > to solve Public Vulnerability: > https://nvd.nist.gov/vuln/detail/CVE-2017-5642 > only works partially. > There is a bug and it will only handle the last directory/file when there > are multiple directories/files listed. > So the vulnerability is not totally resolved. > For example files under /etc/ambari-server/conf/ -such as ambari.properties- > are not revised -- This message was sent by Atlassian JIRA (v6.3.15#6346)