Uploaded image for project: 'Ambari (Retired)'
  1. Ambari (Retired)
  2. AMBARI-25369

SSTI in Ambari config

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • 1.7.0, 2.7.3
    • None
    • ambari-admin
    • Tested in 2.7.3, 1.7.0

    Description

      Hello, i found SSTI to RCE vulnerability in Apache ambari, and i send three mails with technical details to  private@ambari.apache.org,  security@apache.org and  root@apache.org

      In dates: 4 jul 2019, 8 aug 2019, and 24 aug 2019, but you not responce, bug is critical, and i want cve approve, help me?

      best regards

      Attachments

        Activity

          People

            mpapirkovskyy Papirkovskyy Myroslav
            truwa Trunin Mikhail
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: