{"schema_version": "1.6.1", "id": "CVE-2023-50379", "summary": "authenticated users could perform command injection to perform RCE", "details": "Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.\n\nImpact:\nA Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "2.7.0"}, {"last_affected": "2.7.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8"}]}