CVE-2023-50378

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-50378
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50378.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-50378
Aliases
Published
2024-03-01T15:15:08Z
Modified
2025-05-29T10:46:05.557066Z
Summary
[none]
Details

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8  

 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads.

Users are recommended to upgrade to version 2.7.8 which fixes this issue.

References

Affected packages

Git / github.com/apache/ambari

Affected ranges

Type
GIT
Repo
https://github.com/apache/ambari
Events

Affected versions

release-2.*

release-2.7.0
release-2.7.0-rc0
release-2.7.1
release-2.7.1-rc0
release-2.7.3
release-2.7.3-rc0
release-2.7.3-rc1
release-2.7.3-rc2
release-2.7.4
release-2.7.4-rc0
release-2.7.5
release-2.7.5-rc0
release-2.7.6
release-2.7.6-rc0
release-2.7.6-rc1