CVE-2023-50379

CWE-94 — Code Injection4 documents4 sources

Severity

8.8HIGH

EPSS

0.9%

top 23.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ambari Apache Software Foundation Apache Ambari

Timeline

PublishedFeb 27

Description

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/ambari< 2.7.8

▶Mavenorg.apache.ambari.contrib.views:ambari-contrib-views2.7.0 — 2.7.8

▶CVEListV5apache_software_foundation/apache_ambari2.7.0 — 2.7.7

🔴Vulnerability Details

CVEList

Apache Ambari: authenticated users could perform command injection to perform RCE↗2024-02-27

▶

OSV

Apache Ambari: authenticated users could perform command injection to perform RCE↗2024-02-27

▶

GHSA

Apache Ambari: authenticated users could perform command injection to perform RCE↗2024-02-27

▶