QID 379428

Date Published: 2024-03-18

QID 379428: Apache Ambari Multiple Vulnerabilities (CVE-2023-50379,CVE-2023-50380)

Apache Ambari is a software project of the Apache Software Foundation. Ambari enables system administrators to provision, manage and monitor a Hadoop cluster, and also to integrate Hadoop with the existing enterprise infrastructure.
CVE-2023-50379: Authenticated users could perform command injection to achieve remote code execution (RCE).
CVE-2023-50380: Authenticated users could perform XML external entity (XXE) injection to read arbitrary files on the server.

Affected Version:
Apache Ambari 2.7.0 to 2.7.7

QID Detection Logic (Authenticated):
This QID checks whether a vulnerable version of Apache Ambari is installed by reading the version recorded in "/var/lib/ambari-server/resources/version" and comparing it against the affected range.
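An added example, not Qualys' own scanner code, that reproduces the detection logic described above: it reads the Ambari version file and reports whether the version falls in the affected range 2.7.0 to 2.7.7 (i.e. below the fixed release 2.7.8). It assumes the file holds a bare version string such as `2.7.7.0.0`; the exact file format is an assumption.

```python
import re
from pathlib import Path

# Constructed detection helper, not Qualys' scanner code. It follows the
# QID's stated logic: read the version file, compare with 2.7.0 to 2.7.7.
VERSION_FILE = "/var/lib/ambari-server/resources/version"
FIRST_AFFECTED = (2, 7, 0)
FIXED = (2, 7, 8)  # first fixed release named in the advisory


def parse_version(text):
    """Return the leading numeric components of a version string as a tuple.

    Accepts forms such as '2.7.7', '2.7.7.0.0' or '2.7.7.0.0-1' (the longer
    forms are an assumption about the file's content); returns None when the
    text does not start with a numeric version.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version):
    """True when 2.7.0 <= version < 2.7.8, comparing major.minor.patch only."""
    v = (version + (0, 0, 0))[:3]
    return FIRST_AFFECTED <= v < FIXED


def check_version_file(path=VERSION_FILE):
    """Authenticated-style check of one host.

    Returns 'vulnerable', 'not_vulnerable', 'unparseable' or 'missing'.
    An unreadable version is reported explicitly rather than treated as safe.
    """
    try:
        text = Path(path).read_text(encoding="utf-8")
    except FileNotFoundError:
        return "missing"  # no Ambari server installed at the expected path
    version = parse_version(text)
    if version is None:
        return "unparseable"
    return "vulnerable" if is_vulnerable(version) else "not_vulnerable"


if __name__ == "__main__":
    print(check_version_file())
```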

Successful exploitation could allow an attacker to inject malicious code and gain root on the cluster's main host.

  • CVSS V3 rated as Medium - 5.4 severity.
  • CVSS V2 rated as Low - 2.1 severity.
  • Solution
    Customers are advised to update Apache Ambari to 2.7.8.
  • Vendor References
    Software Advisories:
    Apache Ambari - lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32
    Apache Ambari - lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8