Description
Spring Expression Language (SpEL) injection in the server agent in Apache Ambari versions 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Remediation
References
https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc
Related Vulnerabilities
CVE-2023-46243 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka
CVE-2021-21627 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave
CVE-2020-2261 Vulnerability in maven package org.jenkins-ci.plugins:perfecto