CVE-2023-50380: Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server

Open Source Security

Posted by Brahma Reddy Battula on Feb 27

Severity: important

Affected versions:

– Apache Ambari 2.7.0 through 2.7.7

Description:

XML External Entity injection in Apache Ambari versions <= 2.7.7. Users are recommended to upgrade to version 2.7.8,
which fixes this issue.

More Details:

Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from
low-privilege users. The vulnerability was caused through lack of proper user…