oss-sec mailing list archives
CVE-2023-50378: Apache Ambari: Various XSS problems
From: Brahma Reddy Battula <brahma () apache org>
Date: Fri, 01 Mar 2024 14:31:18 +0000
Severity: important Affected versions: - Apache Ambari 2.7.0 through 2.7.7 Description: Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to version 2.7.8 which fixes this issue. References: https://ambari.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-50378
Current thread:
- CVE-2023-50378: Apache Ambari: Various XSS problems Brahma Reddy Battula (Mar 01)