[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to
From: Brahma Reddy Battula <brahma () apache ! org>
Date: 2024-02-27 3:14:44
Message-ID: 613550e8-1916-8110-251a-d844e3ed07d3 () apache ! org
[Download RAW message or body]
Severity: important
Affected versions:
- Apache Ambari 2.7.0 through 2.7.7
Description:
Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade \
to version 2.7.8, which fixes this issue.
Impact:
A Cluster Operator can manipulate the request by adding a malicious code injection and gain a \
root over the cluster main host.
References:
https://ambari.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-50379
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic