CVE-2023-50378

MEDIUM

Apache Ambari < 2.7.8 - Stored Cross-Site Scripting

Title source: llm

Description

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to version 2.7.8 which fixes this issue.

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2024/03/01/5

Mailing List, Vendor Advisory vendor-advisory

https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c

Scores

CVSS v3 6.1

EPSS 0.0205

EPSS Percentile 84.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

apache/ambari 2.7.0 - 2.7.8

org.apache.ambari/ambari 0 - 2.7.8Maven

Published Mar 01, 2024

Tracked Since Feb 18, 2026