Which issue addresses this vulnerability? Can it be merged into 2.8? > On Mar 1, 2024, at 22:31, Brahma Reddy Battula <bra...@apache.org> wrote: > > Severity: important > > Affected versions: > > - Apache Ambari 2.7.0 through 2.7.7 > > Description: > > Lack of proper input validation and constraint enforcement in Apache Ambari > prior to 2.7.8 > > Impact : As it will be stored XSS, Could be exploited to perform > unauthorized actions, varying from data access to session hijacking and > delivering malicious payloads. > > Users are recommended to upgrade to version 2.7.8 which fixes this issue. > > References: > > https://ambari.apache.org/ > https://www.cve.org/CVERecord?id=CVE-2023-50378 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@ambari.apache.org > For additional commands, e-mail: user-h...@ambari.apache.org >
--------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@ambari.apache.org For additional commands, e-mail: user-h...@ambari.apache.org