...
Mitigation: Ambari users should upgrade to version 2.5.0 or above; or for users of Version 2.4.0 through Version 2.4.2, a script provided with Version 2.5.0 may be executed to correct the ACLs on Ambari server artifacts.
The proper ACLs are set for installed Ambari artifacts in Ambari versions 2.5.0 and later. However, users of Version 2.4.0 through 2.4.2 may execute the script found at https://github.com/apache/ambari/blob/release-2.5.0/ambari-server/src/main/resources/scripts/check_ambari_permissions.py to fix the permissions on Ambari server artifacts on the Ambari server host.
Credit: Hortonworks
Fixed in Ambari 2.4.3
...
CVE-2017-5654: XML injection vulnerability in Hive View
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 2.4.0 to 2.5.0 (inclusive)
Versions Fixed: 2.4.3, 2.5.1
Description: An authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
Access is limited to the set of files for which the user that executes the Ambari server has read access.
Mitigation: Ambari users should upgrade to version 2.4.3, or to version 2.5.1 or above.
Credit: New York Life Insurance Company
Fixed in Ambari 2.4.2
...
CVE-2016-6807: Custom commands may be executed without authorization
...