CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to perform RCE

February 27, 2024 (updated March 1, 2024)

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.

Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.

References

github.com/advisories/GHSA-rghc-9fhx-h32m
github.com/apache/ambari
lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8
nvd.nist.gov/vuln/detail/CVE-2023-50379

Detect and mitigate CVE-2023-50379 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →