CVE-2023-50380

XML External Entity injection in apache ambari versions

CVE-2023-50379

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact:A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.

CVE-2023-50378

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to vers...

CVE-2020-1936

A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.

CVE-2025-23195

An XML External Entity (XXE) vulnerability exists in the Ambari/Oozieproject, allowing an attacker to inject malicious XML entities. Thisvulnerability occurs due to insecure parsing of XML input using theDocumentBuilderFactory class without disabling external entityresolution. An attacker can explo...

CVE-2025-23196

A code injection vulnerability exists in the Ambari Alert Definitionfeature, allowing authenticated users to inject and execute arbitraryshell commands. The vulnerability arises when defining alert scripts,where the script filename field is executed using sh -c. An attackerwith authenticated access...

CVE-2018-8003

Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is ru...

CVE-2015-5210

Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.

CVE-2018-8042

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.

CVE-2020-13924

In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.

CVE-2024-51941

A remote code injection vulnerability exists in the Ambari Metrics andAMS Alerts feature, allowing authenticated users to inject and executearbitrary code. The vulnerability occurs when processing alertdefinitions, where malicious input can be injected into the alert scriptexecution path. An attack...

CVE-2014-3582

In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.

CVE-2017-5655

In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

CVE-2016-0707

The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.

CVE-2015-4940

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file.

CVE-2016-6807

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agen...

CVE-2015-3186

Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.

CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

CVE-2015-4928

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields.

CVE-2017-5654

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

CVE-2022-45855

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

CVE-2016-0731

The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.

CVE-2017-5642

During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.