Apache

Ambari

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-23196

  • EPSS 0.49%
  • Published 21.01.2025 22:15:12
  • Last modified 09.06.2025 19:42:00

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is exe...

7.5

CVE-2025-23195

  • EPSS 0.13%
  • Published 21.01.2025 22:15:12
  • Last modified 09.06.2025 19:36:09

An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without d...

8.8

CVE-2024-51941

  • EPSS 0.72%
  • Published 21.01.2025 22:15:12
  • Last modified 02.10.2025 01:40:36

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be ...

6.1

CVE-2023-50378

  • EPSS 1.14%
  • Published 01.03.2024 15:15:08
  • Last modified 28.05.2025 19:55:25

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8    Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicio...

6.5

CVE-2023-50380

  • EPSS 0.1%
  • Published 27.02.2024 17:15:11
  • Last modified 27.03.2025 20:15:20

XML External Entity injection in apache ambari versions <= 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and pri...

8.8

CVE-2023-50379

  • EPSS 0.67%
  • Published 27.02.2024 09:15:36
  • Last modified 05.05.2025 21:01:27

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over t...

8.8

CVE-2022-45855

  • EPSS 0.19%
  • Published 12.07.2023 10:15:09
  • Last modified 21.11.2024 07:29:50

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

8.8

CVE-2022-42009

  • EPSS 0.19%
  • Published 12.07.2023 10:15:09
  • Last modified 21.11.2024 07:24:15

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

7.5

CVE-2020-13924

Exploit
  • EPSS 0.84%
  • Published 17.03.2021 09:15:11
  • Last modified 21.11.2024 05:02:09

In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.

6.1

CVE-2020-1936

  • EPSS 0.89%
  • Published 02.03.2021 09:15:12
  • Last modified 21.11.2024 05:11:39

A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.