4 matches found
CVE-2023-50379
CVE-2023-50379 affects Apache Ambari prior to 2.7.8, enabling an authenticated attacker to inject malicious code by manipulating a request and achieve root access on the cluster’s main host. The vulnerability stems from a code-injection flaw in Ambari’s request handling, with impact described as ...
CVE-2020-1936
Summary: CVE-2020-1936 is a cross-site scripting vulnerability in Apache Ambari Views . The issue arises from unfiltered user input in the view, enabling JS injection as described across multiple references. Impact/Scope: the vulnerability is tied to Ambari Views; CVSS metrics in the public entry...
CVE-2025-23195
The CVE-2025-23195 XXE vulnerability affects Ambari/Oozie where XML input is parsed with DocumentBuilderFactory without disabling external entity resolution. This can enable an attacker to read arbitrary server files or trigger SSRF. Affected product version exposure is documented as fixed in Amb...
CVE-2025-23196
CVE-2025-23196 describes a code injection vulnerability in the Ambari Alert Definition feature. An authenticated user can exploit the vulnerability when defining alert scripts, where the script filename field is executed via sh -c , enabling remote command execution on the server. Multiple connec...