In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.

Related CVEs

CVE-2020-13924

Key Information

GHSA ID

GHSA-vh54-r2r8-v2g2

Published

May 24, 2022 5:44 PM

Last Modified

May 24, 2022 5:44 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.