CVE-2023-50379

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-50379
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50379.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-50379
Aliases
Published
2024-02-27T09:15:36Z
Modified
2025-05-17T14:21:23.788252Z
Summary
[none]
Details

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.

Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.

References

Affected packages

Git / github.com/apache/ambari

Affected ranges

Type
GIT
Repo
https://github.com/apache/ambari
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
da8f1b9b5a799bfa8e2d8aa9ab31d6d5a1cc31a0

Affected versions

release-2.*

release-2.7.0
release-2.7.0-rc0
release-2.7.1
release-2.7.1-rc0
release-2.7.3
release-2.7.3-rc0
release-2.7.3-rc1
release-2.7.3-rc2
release-2.7.4
release-2.7.4-rc0
release-2.7.5
release-2.7.5-rc0
release-2.7.6
release-2.7.6-rc0
release-2.7.6-rc1