github - ghsa-g359-p277-83p3

ghsa-g359-p277-83p3

Vulnerability from github

Published

2025-01-22 00:33

Modified

2025-01-22 15:32

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2024-51941",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-75",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2025-01-21T22:15:12Z",
      severity: "HIGH",
   },
   details: "A remote code injection vulnerability exists in the Ambari Metrics and \nAMS Alerts feature, allowing authenticated users to inject and execute \narbitrary code. The vulnerability occurs when processing alert \ndefinitions, where malicious input can be injected into the alert script\n execution path. An attacker with authenticated access can exploit this \nvulnerability to execute arbitrary commands on the server. The issue has\n been fixed in the latest versions of Ambari.",
   id: "GHSA-g359-p277-83p3",
   modified: "2025-01-22T15:32:33Z",
   published: "2025-01-22T00:33:36Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2024-51941",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j",
      },
      {
         type: "WEB",
         url: "http://www.openwall.com/lists/oss-security/2025/01/21/9",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
}

cve-2024-51941

Vulnerability from cvelistv5

Published

2025-01-21 21:24

Modified

2025-01-22 14:46

Severity ?

Summary

References

▼	URL	Tags
	https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j	vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Ambari	Version: 0 ≤ 2.7.8

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2025-01-21T23:02:41.810Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "http://www.openwall.com/lists/oss-security/2025/01/21/9",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-51941",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-22T14:45:35.332834Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-22T14:46:09.923Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Apache Ambari",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThanOrEqual: "2.7.8",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "4ra1n (https://github.com/4ra1n)",
            },
            {
               lang: "en",
               type: "reporter",
               value: "h4cking2thegate@gmail.com",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A remote code injection vulnerability exists in the Ambari Metrics and \nAMS Alerts feature, allowing authenticated users to inject and execute \narbitrary code. The vulnerability occurs when processing alert \ndefinitions, where malicious input can be injected into the alert script\n execution path. An attacker with authenticated access can exploit this \nvulnerability to execute arbitrary commands on the server. The issue has\n been fixed in the latest versions of Ambari.",
                  },
               ],
               value: "A remote code injection vulnerability exists in the Ambari Metrics and \nAMS Alerts feature, allowing authenticated users to inject and execute \narbitrary code. The vulnerability occurs when processing alert \ndefinitions, where malicious input can be injected into the alert script\n execution path. An attacker with authenticated access can exploit this \nvulnerability to execute arbitrary commands on the server. The issue has\n been fixed in the latest versions of Ambari.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     text: "important",
                  },
                  type: "Textual description of severity",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-75",
                     description: "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-21T21:24:23.360Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j",
            },
         ],
         source: {
            defect: [
               "AMBARI-26202",
            ],
            discovery: "UNKNOWN",
         },
         title: "Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2024-51941",
      datePublished: "2025-01-21T21:24:23.360Z",
      dateReserved: "2024-11-04T11:47:16.721Z",
      dateUpdated: "2025-01-22T14:46:09.923Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted