GHSA-rghc-9fhx-h32m

Published: 27 Feb 2024
Source: github
Github: Reviewed
CVSS3: 8.8

Description

Apache Ambari: authenticated users could perform command injection to perform RCE

Malicious code injection in Apache Ambari in versions prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.

Impact: A Cluster Operator can manipulate the request by injecting malicious code and gain root access on the cluster's main host.

Packages

Name: org.apache.ambari.contrib.views:ambari-contrib-views (maven)
Affected versions: >= 2.7.0, < 2.7.8
Fixed version: 2.7.8

EPSS

Percentile: 75%
0.00894
Low

CVSS3: 8.8 High

Weaknesses

CWE-94

Related vulnerabilities

CVSS3: 8.8
nvd
almost 2 years ago

Malicious code injection in Apache Ambari in versions prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by injecting malicious code and gain root access on the cluster's main host.
