CVE-2024-51941: Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts

Description

A remote code injection vulnerability exists in the Ambari Metrics and
AMS Alerts feature, allowing authenticated users to inject and execute
arbitrary code. The vulnerability occurs when processing alert
definitions, where malicious input can be injected into the alert script
execution path. An attacker with authenticated access can exploit this
vulnerability to execute arbitrary commands on the server. The issue has
been fixed in the latest versions of Ambari.

Classification

CVE ID: CVE-2024-51941

Affected Products

Vendor: Apache Software Foundation

Product: Apache Ambari

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.7% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-19 (date this score was calculated)

References

https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j

Timeline