Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05cTZ2LXJ4bXctZzNnaM4AA5ry

Apache Ambari: Various Cross site scripting problems

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8.

Impact: As this is a stored XSS, it could be exploited to perform unauthorized actions, ranging from data access to session hijacking and delivering malicious payloads.

Users are recommended to upgrade to version 2.7.8 which fixes this issue.

Permalink: https://github.com/advisories/GHSA-9q6v-rxmw-g3gh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cTZ2LXJ4bXctZzNnaM4AA5ry
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: about 2 months ago


CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-9q6v-rxmw-g3gh, CVE-2023-50378
References:
Blast Radius: 1.0

Affected Packages

maven:org.apache.ambari:ambari
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 2.7.8
Fixed in: 2.7.8
All affected versions:
All unaffected versions: