You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2015/02/18 14:24:11 UTC
[jira] [Created] (AMBARI-9689) Vulnerability issue: possible to
make code injection with hosts bootstrap request
Andrew Onischuk created AMBARI-9689:
---------------------------------------
Summary: Vulnerability issue: possible to make code injection with hosts bootstrap request
Key: AMBARI-9689
URL: https://issues.apache.org/jira/browse/AMBARI-9689
Project: Ambari
Issue Type: Bug
Reporter: Andrew Onischuk
Assignee: Andrew Onischuk
Fix For: 2.0.0
**STR**
1. Proceed to step 2 of Install Wizard.
2. Check SSH hosts registration.
3. Customize SSH user account with typing into corresponding field something like `root; rm -rf /tmp;`
**AR**
1. The code above is executed.
2. Hosts bootstrap isn't succeeded.
**ER**
Some FE/BE validation/handling needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)