CVE-2024-51941
Published: 21 January 2025
Description
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.
Security Summary
CVE-2024-51941 is a remote code injection vulnerability (CWE-94) in the Ambari Metrics and AMS Alerts feature of Apache Ambari. The flaw arises during the processing of alert definitions, where malicious input can be injected into the alert script execution path, enabling authenticated users to execute arbitrary code. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-21.
An authenticated attacker can exploit this vulnerability remotely with low complexity and no user interaction required. By crafting malicious alert definitions, the attacker can inject and execute arbitrary commands on the Ambari server, potentially leading to full compromise of the system.
The vulnerability has been fixed in the latest versions of Ambari. Additional details are available in the Apache mailing list advisory at https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j and the OSS-Security announcement at http://www.openwall.com/lists/oss-security/2025/01/21/9.
Details
- CWE(s)