CVE-2024-51941

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-51941
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51941.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-51941
Published
2025-01-21T22:15:12.447Z
Modified
2026-03-14T12:39:42.009222Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

References

Affected packages

Git / github.com/apache/ambari

Affected ranges

Type
GIT
Repo
https://github.com/apache/ambari
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
da8f1b9b5a799bfa8e2d8aa9ab31d6d5a1cc31a0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.8"
        }
    ]
}

Affected versions

release-2.*
release-2.7.0
release-2.7.0-rc0
release-2.7.1
release-2.7.1-rc0
release-2.7.3
release-2.7.3-rc0
release-2.7.3-rc1
release-2.7.3-rc2
release-2.7.4
release-2.7.4-rc0
release-2.7.5
release-2.7.5-rc0
release-2.7.6
release-2.7.6-rc0
release-2.7.6-rc1
release-2.7.8
release-2.7.8-rc0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51941.json"