Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability
CVE-2023-38156

7.2HIGH

Key Information:

Vendor: Microsoft
Status: Azure Hdinsight
Vendor: CVE Published:; 12 September 2023

Badges

📰 News Worthy

What is CVE-2023-38156?

A vulnerability has been identified in Azure HDInsight that allows attackers to exploit a JDBC injection flaw within the Apache Ambari interface. This weakness can lead to unauthorized elevation of privileges, potentially enabling an attacker to gain inappropriate access to system resources. Organizations using Azure HDInsight should promptly apply recommended mitigations and updates to safeguard their systems against potential exploitation of this vulnerability.

Affected Version(s)

Azure HDInsight Unknown 1.0 < 2308221128

News Articles

CVE-2023-36419 CVE-2023-38156

Microsoft Azure HDInsight Bugs Expose Big Data to Breaches

Security holes in a big data tool can open the door to big data compromises.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Dark Reading
Feb 6, 2024
Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Jul 12, 2023