oss-sec mailing list archives
CVE-2022-45855: Apache Ambari: Allows authenticated metrics consumers to perform RCE
From: Brahma Reddy Battula <brahma () apache org>
Date: Mon, 10 Jul 2023 14:02:27 +0000
Affected versions:

- Apache Ambari 2.7.0 through 2.7.6

Description:

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

Credit:

rg <18993610179 () 163 com> (finder)

References:

https://ambari.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-45855