Cross-Site Scripting Vulnerability in Apache Ambari by Apache
CVE-2015-3186

Currently unrated

Key Information:

Vendor: Apache
Status: Ambari
Vendor: CVE Published:; 2 November 2015

Summary

A cross-site scripting (XSS) vulnerability exists in Apache Ambari prior to version 2.1.0, allowing remote authenticated cluster operator users to inject arbitrary web scripts or HTML into the note field of configuration changes. This could lead to unauthorized access or manipulation of web pages, posing security risks to sensitive data and user interactions. It is essential to upgrade to a secure version and implement proper filtering to mitigate such vulnerabilities.

References

https://cwiki.apache.org/confluence/display/AMBARI/Ambari...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2015/10/13/1

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 2, 2015
Vulnerability Reserved
Apr 10, 2015