Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yZ2hjLTlmaHgtaDMybc4AA5hV
Apache Ambari: authenticated users could perform command injection to perform RCE
Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.
Impact:
A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yZ2hjLTlmaHgtaDMybc4AA5hV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 2 months ago
Updated: about 2 months ago
Identifiers: GHSA-rghc-9fhx-h32m, CVE-2023-50379
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-50379
- https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8
- http://www.openwall.com/lists/oss-security/2024/02/27/1
- https://github.com/advisories/GHSA-rghc-9fhx-h32m
Affected Packages
maven:org.apache.ambari.contrib.views:ambari-contrib-views
Affected Version Ranges: >= 2.7.0, < 2.7.8Fixed in: 2.7.8