CVE-2023-50379

CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to perform RCE

Vendor Apache Software Foundation

Product Apache Ambari

Weakness CWE-94 · Code injection

Published February 27, 2024

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.

Key dates

Disclosure timeline

February 27, 2024 CVE published

February 13, 2025 Record updated