Posted by Mark Felder on Apr 03

Hello,

The mapr web frontend component creates an information disclosure
vulnerability. During the setup of mapr the configure.sh script calls a
function ConfigureWSRole:

function ConfigureWSRole() {
if [ $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ];
then
ConfigureRunUserForWS
fi

This calls ConfigureRunUserForWS from configure-common.sh:

function ConfigureRunUserForWS() {
local val=`getent group shadow…