4 matches found
CVE-2023-50380
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
CVE-2023-50380
creationtimestamp| type| source ---|---|--- 2024-02-27 18:31:29+00:00| seen| https://t.me/ctinow/194707 2024-02-27 18:36:50+00:00| seen| https://t.me/ctinow/194722...
CVE-2023-50380
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
CVE-2023-50380
CVE-2023-50380 describes an XML External Entity (XXE) injection in Apache Ambari (affecting versions ≤ 2.7.7) due to improper input validation in the Oozie Workflow Scheduler. The issue could allow reading arbitrary server files (root-level) and may enable privilege escalation from low-privilege ...