oss-sec mailing list archives

CVE-2022-45855: Apache Ambari: Allows authenticated metrics consumers to perform RCE


From: Brahma Reddy Battula <brahma () apache org>
Date: Mon, 10 Jul 2023 14:02:27 +0000

Affected versions:

- Apache Ambari 2.7.0 through 2.7.6

Description:

SpringEL (SpEL) injection in the metrics source in Apache Ambari versions 2.7.0 through 2.7.6 allows a malicious authenticated user 
to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
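As an added illustration of the bug class named in the description (this is not Ambari's code and not the 2.7.7 fix, whose details the advisory does not give), the following Java example evaluates a caller-controlled string as a SpEL expression twice: once with a StandardEvaluationContext, which resolves type references and method calls and therefore turns expression injection into code execution, and once with a SimpleEvaluationContext restricted to read-only property access, where the same payload fails at evaluation time. The Metric class, method names and sample inputs are hypothetical and constructed for the demo; the only real APIs used are Spring's expression classes.

```java
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionException;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class SpelInjectionDemo {

    // Hypothetical record standing in for whatever a metrics endpoint evaluates expressions against.
    public static class Metric {
        private final String name;
        private final double value;

        public Metric(String name, double value) {
            this.name = name;
            this.value = value;
        }

        public String getName() { return name; }
        public double getValue() { return value; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // VULNERABLE pattern: the caller-controlled string is parsed and evaluated as a full SpEL
    // expression against a StandardEvaluationContext. That context resolves T(...) type
    // references, constructors and arbitrary method calls, so an authenticated caller can submit
    //   T(java.lang.Runtime).getRuntime().exec('id')
    // and run a process on the server.
    static Object evaluateUnsafe(String userExpression, Metric metric) {
        Expression expr = PARSER.parseExpression(userExpression);
        return expr.getValue(new StandardEvaluationContext(metric));
    }

    // HARDENED pattern: SimpleEvaluationContext.forReadOnlyDataBinding() permits read-only
    // property access on the root object plus the ordinary operators. Type references,
    // constructors, bean references and method invocation are unavailable, so the same payload
    // throws an EvaluationException instead of executing. Not accepting caller-authored
    // expressions at all is safer still.
    static Object evaluateRestricted(String userExpression, Metric metric) {
        Expression expr = PARSER.parseExpression(userExpression);
        return expr.getValue(SimpleEvaluationContext.forReadOnlyDataBinding().build(), metric);
    }

    public static void main(String[] args) {
        Metric cpu = new Metric("cpu_user", 42.5);
        // Constructed inputs: a legitimate-looking filter, and a payload that reaches JVM
        // internals through a type reference. A property read is used so the demo is
        // non-destructive; an attacker substitutes Runtime.exec.
        String benign = "value > 40 ? name : 'below threshold'";
        String payload = "T(java.lang.System).getProperty('user.name')";

        System.out.println("unsafe, benign     : " + evaluateUnsafe(benign, cpu));
        // Type reference resolved: JVM internals are reachable from the expression.
        System.out.println("unsafe, payload    : " + evaluateUnsafe(payload, cpu));

        System.out.println("restricted, benign : " + evaluateRestricted(benign, cpu));
        try {
            System.out.println("restricted, payload: " + evaluateRestricted(payload, cpu));
        } catch (ExpressionException e) {
            System.out.println("restricted, payload: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Parsing succeeds in both cases; the difference is entirely in the evaluation context, which is why a review of SpEL usage should look at which EvaluationContext each getValue call receives rather than at the parser. Where an application must interpolate caller data into an expression, bind it as a variable in the context instead of concatenating it into the expression text, so the data can never be parsed as SpEL syntax.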

Credit:

rg <18993610179 () 163 com> (finder)

References:

https://ambari.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-45855

