Message-ID: <a7a9dd27-ee19-88ac-5cd1-6a629c1e100e@apache.org>
Date: Tue, 21 Jan 2025 20:36:03 +0000
From: Viraj Jasani <vjasani@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2024-51941: Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts

Severity: important

Affected versions:

- Apache Ambari through 2.7.8

Description:

A remote code injection vulnerability exists in the Ambari Metrics and
AMS Alerts feature, allowing authenticated users to inject and execute
arbitrary code. The vulnerability occurs when processing alert
definitions, where malicious input can be injected into the alert script
execution path. An attacker with authenticated access can exploit this
vulnerability to execute arbitrary commands on the server. The issue has
been fixed in the latest versions of Ambari.

This issue is being tracked as AMBARI-26202 

Credit:

4ra1n (https://github.com/4ra1n) (finder)
h4cking2thegate@...il.com (reporter)

References:

https://ambari.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-51941
https://issues.apache.org/jira/browse/AMBARI-26202
