CVE-2023-50379 – org.apache.ambari.contrib.views:ambari-contrib-views
Package
Manager: maven
Name: org.apache.ambari.contrib.views:ambari-contrib-views
Vulnerable Version: >=2.7.0 <2.7.8
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.00669 (percentile: 0.70428)
Details
Apache Ambari: authenticated users could perform command injection to achieve RCE.
Malicious code injection in Apache Ambari versions prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: a Cluster Operator can manipulate the request by adding a malicious code injection and gain root on the cluster's main host.
Metadata
Created: 2024-02-27T09:31:16Z
Modified: 2025-02-13T19:10:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-rghc-9fhx-h32m/GHSA-rghc-9fhx-h32m.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-rghc-9fhx-h32m
Finding: F422
Auto approve: 1