VDB

GCVE-110-CLOUD-2024-0051

GCVE-110-CLOUD-2024-0051
Advisory Published
Vulnetix · Advisory published February 6, 2024
Three privilege escalation and denial-of-service vulnerabilities were discovered in Azure HDinsight, related to their usage of Apache Oozie and Ambari. The root cause of at least one of these vulnerabilities is a flaw in Apache Oozie itself, leading to regex denial-of-service (ReDoS). The other two vulnerabilities could allow an authenticated attacker with HDI cluster access to gain cluster administrator privileges and perform any resource service management operation. The vulnerabilities were patched in the October 2023 security update of Azure HDinsight.

Affected Products

VendorProductVersionsPlatforms
AzureHDInsight
AzureCloud Services

References

advisory
advisory
advisory
advisory

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›