Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05cTZ2LXJ4bXctZzNnaM4AA5ry
Apache Ambari: Various Cross site scripting problems
Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8
Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads.
Users are recommended to upgrade to version 2.7.8 which fixes this issue.
Permalink: https://github.com/advisories/GHSA-9q6v-rxmw-g3ghJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cTZ2LXJ4bXctZzNnaM4AA5ry
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 months ago
Updated: about 2 months ago
Identifiers: GHSA-9q6v-rxmw-g3gh, CVE-2023-50378
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-50378
- https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c
- https://github.com/advisories/GHSA-9q6v-rxmw-g3gh
Affected Packages
maven:org.apache.ambari:ambari
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: < 2.7.8
Fixed in: 2.7.8
All affected versions:
All unaffected versions: