oss-sec mailing list archives

Re: CVE-2022-42009: Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application.


From: Brandon Perry <bperry.volatile () gmail com>
Date: Mon, 10 Jul 2023 10:08:22 -0500

Do you have an example proof of concept or a bug link for this?

On Mon, Jul 10, 2023 at 10:06 AM Brahma Reddy Battula <brahma () apache org>
wrote:

Affected versions:

- Apache Ambari 2.7.0 through 2.7.6

Description:

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to
2.7.6 allows a malicious authenticated user to execute arbitrary code
remotely. Users are recommended to upgrade to 2.7.7.

Credit:

Jecki Go (jecgo () visa com) (finder)

References:

https://ambari.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-42009
