CVE-2023-50379

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
27/02/2024
Last modified:
05/05/2025

Description

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.<br /> <br /> Impact:<br /> A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:* 2.7.8 (excluding)