'[oss-security] CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to
From:       Brahma Reddy Battula <brahma () apache ! org>
Date:       2024-02-27 3:14:44
Message-ID: 613550e8-1916-8110-251a-d844e3ed07d3 () apache ! org
[Download RAW message or body]

Severity: important

Affected versions:

- Apache Ambari 2.7.0 through 2.7.7

Description:

Malicious code injection in Apache Ambari in prior to 2.7.8.  Users are recommended to upgrade \
to version 2.7.8, which fixes this issue.

Impact:
A Cluster Operator can manipulate the request by adding a malicious code injection and gain a \
root over the cluster main host.

References:

https://ambari.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-50379

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic