oss-sec mailing list archives
CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to perform RCE
From: Brahma Reddy Battula <brahma () apache org>
Date: Tue, 27 Feb 2024 03:14:44 +0000
Severity: important Affected versions: - Apache Ambari 2.7.0 through 2.7.7 Description: Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host. References: https://ambari.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-50379
Current thread:
- CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to perform RCE Brahma Reddy Battula (Feb 26)