Microsoft Azure HDInsight Bugs Expose Big Data to Breaches


One of the new escalation bugs affects Apache Ambari, an open source tool that simplifies Apache Hadoop cluster deployment, management, and monitoring.

CVE-2023-38156, assigned a “high” 7.2 out of 10 score on the CVSS scale, concerns the URL endpoint associated with Java Database Connectivity (JDBC), a Java application programming interface (API) responsible for defining how a client may access a database. By manipulating the JDBC endpoint, the researchers discovered they could successfully drop a reverse shell and escalate from regular user privileges to root access in a Hadoop cluster.

Read More…