Microsoft Azure HDInsight Bugs Expose Big Data to Breaches
02-Feb-24
One of the new escalation bugs affects Apache Ambari, an open source tool that simplifies Apache Hadoop cluster deployment, management, and monitoring.
CVE-2023-38156, assigned a “high” 7.2 out of 10 score on the CVSS scale, concerns the URL endpoint associated with Java Database Connectivity (JDBC), a Java application programming interface (API) responsible for defining how a client may access a database. By manipulating the JDBC endpoint, the researchers discovered they could successfully drop a reverse shell and escalate from regular user privileges to root access in a Hadoop cluster.
