CVE-2024-51941

21.01.2025, 22:15

A remote code injection vulnerability exists in the Ambari Metrics and
AMS Alerts feature, allowing authenticated users to inject and execute
arbitrary code. The vulnerability occurs when processing alert
definitions, where malicious input can be injected into the alert script
execution path. An attacker with authenticated access can exploit this
vulnerability to execute arbitrary commands on the server. The issue has
been fixed in the latest versions of Ambari.

Special Element Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
apache	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Common Weakness Enumeration

CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
The software does not adequately filter user-controlled input for special elements with control implications.

References

https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j

http://www.openwall.com/lists/oss-security/2025/01/21/9