CVE-2024-51941

HIGH

Ambari - Authenticated Code Injection

Title source: llm

Description

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

References (2)

[Vendor Advisory] https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j

[Mailing List, Vendor Advisory] http://www.openwall.com/lists/oss-security/2025/01/21/9

Scores

CVSS v3 8.8

EPSS 0.0114

EPSS Percentile 78.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-94

Status published

Affected Products (1)

apache/ambari < 2.7.8

Timeline

Published Jan 21, 2025

Tracked Since Feb 18, 2026