Ambari RCE via Alert Script Injection
CVE-2024-51941 Published on January 21, 2025
Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts
A remote code injection vulnerability exists in the Ambari Metrics and
AMS Alerts feature, allowing authenticated users to inject and execute
arbitrary code. The vulnerability occurs when processing alert
definitions, where malicious input can be injected into the alert script
execution path. An attacker with authenticated access can exploit this
vulnerability to execute arbitrary commands on the server. The issue has
been fixed in the latest versions of Ambari.
Vulnerability Analysis
CVE-2024-51941 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2024-51941 has been classified to as a Code Injection vulnerability or weakness.
Products Associated with CVE-2024-51941
Want to know whenever a new CVE is published for Apache Ambari? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Ambari:- Before and including 2.7.8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.