Lucene search
K

4 matches found

CVE
CVE
added 2024/02/27 8:27 a.m.3990 views

CVE-2023-50379

CVE-2023-50379 affects Apache Ambari prior to 2.7.8, enabling an authenticated attacker to inject malicious code by manipulating a request and achieve root access on the cluster’s main host. The vulnerability stems from a code-injection flaw in Ambari’s request handling, with impact described as ...

8.8CVSS9AI score0.01064EPSS
CVE
CVE
added 2021/03/02 9:0 a.m.79 views

CVE-2020-1936

Summary: CVE-2020-1936 is a cross-site scripting vulnerability in Apache Ambari Views . The issue arises from unfiltered user input in the view, enabling JS injection as described across multiple references. Impact/Scope: the vulnerability is tied to Ambari Views; CVSS metrics in the public entry...

6.1CVSS5.9AI score0.02864EPSS
CVE
CVE
added 2025/01/21 9:22 p.m.79 views

CVE-2025-23195

The CVE-2025-23195 XXE vulnerability affects Ambari/Oozie where XML input is parsed with DocumentBuilderFactory without disabling external entity resolution. This can enable an attacker to read arbitrary server files or trigger SSRF. Affected product version exposure is documented as fixed in Amb...

7.5CVSS6.5AI score0.00718EPSS
CVE
CVE
added 2025/01/21 9:23 p.m.73 views

CVE-2025-23196

CVE-2025-23196 describes a code injection vulnerability in the Ambari Alert Definition feature. An authenticated user can exploit the vulnerability when defining alert scripts, where the script filename field is executed via sh -c , enabling remote command execution on the server. Multiple connec...

8.8CVSS7.8AI score0.01236EPSS