Description
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.
References (2)
Core 2
Core References
Mailing List, Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/01/21/9
Vendor Advisory vendor-advisory
https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j
Scores
CVSS v3
8.8
EPSS
0.0085
EPSS Percentile
75.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
apache/ambari
< 2.7.8
Published
Jan 21, 2025
Tracked Since
Feb 18, 2026