Apache Ambari Prior to 2.7.8 Vulnerable to XSS Attacks
CVE-2023-50378

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Ambari
Vendor: CVE Published:; 1 March 2024

Summary

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8

Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads.

Users are recommended to upgrade to version 2.7.8 which fixes this issue.

Affected Version(s)

Apache Ambari 2.7.0 <= 2.7.7

References

https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz...

vendor-advisory

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Dec 7, 2023