CVE-2022-42009 & CVE-2022-45855: RCE bugs in Apache Ambari
The Apache Ambari project streamlines Hadoop management, offering an intuitive web UI complemented by RESTful APIs. Its main objective is to ease the burden of provisioning, managing, and monitoring Apache Hadoop clusters. However, even comprehensive solutions can contain security flaws, and Apache Ambari is no exception.
Two security vulnerabilities have recently surfaced that affect Apache Ambari versions 2.7.0 through 2.7.6. Let’s look at each of them and at the protective measures users need to implement.
CVE-2022-42009: Remote Code Execution via Server Agent
The first vulnerability, CVE-2022-42009, is a notable case of Spring Expression Language (SpringEL) injection. In this case, a malicious authenticated user can execute arbitrary code remotely in the application’s context.
This flaw originates from the server agent in Apache Ambari, putting an array of Hadoop management operations at risk. An attacker could exploit this vulnerability, compromising the integrity of the Hadoop cluster and potentially gaining unauthorized access to sensitive data.
The recommended protective measure against this vulnerability is an immediate upgrade to Apache Ambari 2.7.7.
CVE-2022-45855: Authenticated Metrics Consumers as a Threat
A similar SpringEL injection flaw, CVE-2022-45855, has also been identified within the metrics source in Apache Ambari. Again, this vulnerability allows a malicious authenticated user to execute arbitrary code remotely.
What sets this vulnerability apart is that it can be exploited by authenticated metrics consumers. In other words, individuals or entities that are only meant to monitor and analyze system performance could themselves pose a security threat.
Just as with CVE-2022-42009, the recommended solution is upgrading to Apache Ambari 2.7.7.
Towards Safer Hadoop Management
Users of Apache Ambari must act promptly, upgrading to version 2.7.7 to fortify their defenses against these security risks. This swift action is not only crucial for individual users but also contributes to the broader goal of creating a safer, more secure digital environment for all.
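To act on the upgrade advice, the following added example (not from the original article or the Ambari project) triages an inventory of Ambari servers against the affected range given above, 2.7.0 through 2.7.6. It assumes the version strings have already been collected, that they may carry extra components or build suffixes such as "2.7.6.0-22", and that releases after 2.7.7 keep the fix; the hostnames and versions are constructed sample data.

```python
import re

# Range as stated in the article: 2.7.0 through 2.7.6 affected, fixed in 2.7.7.
FIRST_AFFECTED = (2, 7, 0)
FIRST_FIXED = (2, 7, 7)

# Assumption: versions look like '2.7.5' or '2.7.5.0-72' (extra parts ignored).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*(?:[-_].*)?\s*$")


def parse_version(raw):
    """Return (major, minor, patch), or None if the string is not a version."""
    m = _VERSION_RE.match(raw or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(raw):
    """Return 'affected', 'fixed', 'outside-range' (older than 2.7.0, which
    the article does not cover) or 'unknown' (missing or unparseable)."""
    v = parse_version(raw)
    if v is None:
        return "unknown"
    if v >= FIRST_FIXED:
        return "fixed"  # assumption: later releases retain the 2.7.7 fix
    if v >= FIRST_AFFECTED:
        return "affected"
    return "outside-range"


def triage(inventory):
    """Return (host, version, status) rows, hosts needing attention first."""
    order = {"affected": 0, "unknown": 1, "outside-range": 2, "fixed": 3}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ambari-prod.example.internal": "2.7.6.0-22",
    "ambari-dev.example.internal": "2.7.7",
    "ambari-lab.example.internal": "2.6.2.2",
    "ambari-old.example.internal": "",
    "ambari-qa.example.internal": "2.7.0",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{status:14} {host:32} {ver or '(not reported)'}")
```

Hosts reported as "unknown" are listed right after the affected ones so that servers with missing version data are checked by hand rather than assumed safe.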