Description

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

INFO

Published Date :

2025-01-21T21:24:23.360Z

Last Modified :

2025-09-03T08:07:55.364Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-51941 vulnerability.

Vendors Products
Apache
  • Ambari
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-51941.

URL Resource
http://www.openwall.com/lists/oss-security/2025/01/21/9 cve-icon
https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact