Malicious Code Injection in Apache Ambari Prior to 2.7.8
CVE-2023-50379

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Ambari
Vendor: CVE Published:; 27 February 2024

Summary

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.

Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.

Affected Version(s)

Apache Ambari 2.7.0 <= 2.7.7

References

https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/02/27/1

Timeline

Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Dec 7, 2023

.