CVE-2023-50378

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-50378

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50378.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-50378

Aliases

GHSA-9q6v-rxmw-g3gh

Published

2024-03-01T15:15:08Z

Modified

2025-07-01T15:19:12.431387Z

Summary

[none]

Details

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8

Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads.

Users are recommended to upgrade to version 2.7.8 which fixes this issue.

References

Affected packages

Git / github.com/apache/ambari

Affected ranges

Type: GIT
Repo: https://github.com/apache/ambari
Events: Introduced

da4e607a48033ab1f359b3ace302fcf29d823e38

Fixed

da8f1b9b5a799bfa8e2d8aa9ab31d6d5a1cc31a0

Affected versions

release-2.*

release-2.7.0

release-2.7.0-rc0

release-2.7.1

release-2.7.1-rc0

release-2.7.3

release-2.7.3-rc0

release-2.7.3-rc1

release-2.7.3-rc2

release-2.7.4

release-2.7.4-rc0

release-2.7.5

release-2.7.5-rc0

release-2.7.6

release-2.7.6-rc0

release-2.7.6-rc1