3 matches found
CVE-2025-23195
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can explo...
CVE-2020-13924
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
CVE-2017-5654
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.