CVE-2023-23408
MEDIUMAzure HDInsight - Cross-Site Scripting in Apache Ambari
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-23408. PoCs published by Amirhossein Bahramizadeh.
AI-analyzed exploit summary This code is a minimal proof-of-concept for CVE-2023-23408, demonstrating header validation bypass in Azure Apache Ambari. It sends a GET request with specific headers but lacks exploit payload or malicious functionality.
Description
Azure Apache Ambari Spoofing Vulnerability
Exploits (1)
exploitdb
STUB
by Amirhossein Bahramizadeh · pythonremotemultiple
https://www.exploit-db.com/exploits/51546
This code is a minimal proof-of-concept for CVE-2023-23408, demonstrating header validation bypass in Azure Apache Ambari. It sends a GET request with specific headers but lacks exploit payload or malicious functionality.
Classification
Stub 80%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target:
Apache Ambari (Azure HDInsights)
Auth required
Prerequisites:
Access to Ambari API endpoint · Valid or spoofed authentication headers
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23408
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/173134/Azure-Apache-Ambari-2302250400-Spoofing.html
Scores
CVSS v3
4.5
EPSS
0.0405
EPSS Percentile
89.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
microsoft/azure_hdinsight
Published
Mar 14, 2023
Tracked Since
Feb 18, 2026