CVE-2024-51941

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-75
View all →

Vulnerability Description

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

Related Vulnerabilities

CVE-2021-39174

HIGH
CVSS:8.8(High)

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv fi...

CWE-752021

CVE-2023-23912

HIGH
CVSS:8.8(High)

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhc...

CWE-752023

CVE-2023-27533

HIGH
CVSS:8.8(High)

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server...

CWE-752023

CVE-2024-31809

HIGH
CVSS:8.8(High)

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.

CWE-752024

CVE-2024-37779

HIGH
CVSS:8.8(High)

WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.

CWE-752024

CVE-2023-1758

HIGH
CVSS:8.9(High)

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CWE-752023