CVE-2022-45855

CVSS V2 None CVSS V3 None
Description
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Overview
  • CVE ID
  • CVE-2022-45855
  • Assigner
  • apache
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-07-12T09:59:44.492Z
  • Last Modified Date
  • 2023-07-12T09:59:44.492Z
References
Reference URL Reference Tags
https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1 vendor-advisory
History
Created Old Value New Value Data Type Notes
2024-06-24 17:53:36 Added to TrackCVE