CVE-2024-51941

Sažetak

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

Reference

https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j
http://www.openwall.com/lists/oss-security/2025/01/21/9

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

21-01-2025 - 23:15

Objavljeno

21-01-2025 - 22:15