6 matches found
CVE-2023-50379
Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain root on the cluster main host.
CVE-2025-23196
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated access...
CVE-2018-8042
In Apache Ambari versions 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services, for example Hive and Oozie.
CVE-2024-51941
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attack...
CVE-2022-42009
SpringEL injection in the server agent in Apache Ambari versions 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
CVE-2022-45855
SpringEL injection in the metrics source in Apache Ambari versions 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.