Re: CVE-2023-50378: Apache Ambari: Various XSS problems

Jialiang Cai Fri, 01 Mar 2024 21:59:27 -0800

Which issue addresses this vulnerability? Can it be merged into 2.8?

> On Mar 1, 2024, at 22:31, Brahma Reddy Battula <bra...@apache.org> wrote:
> 
> Severity: important
> 
> Affected versions:
> 
> - Apache Ambari 2.7.0 through 2.7.7
> 
> Description:
> 
> Lack of proper input validation and constraint enforcement in Apache Ambari 
> prior to 2.7.8  
> 
>  Impact : As it will be stored XSS, Could be exploited to perform 
> unauthorized actions, varying from data access to session hijacking and 
> delivering malicious payloads. 
> 
> Users are recommended to upgrade to version  2.7.8 which fixes this issue.
> 
> References:
> 
> https://ambari.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2023-50378
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@ambari.apache.org
> For additional commands, e-mail: user-h...@ambari.apache.org
>



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@ambari.apache.org
For additional commands, e-mail: user-h...@ambari.apache.org

Re: CVE-2023-50378: Apache Ambari: Various XSS problems

Reply via email to