CVE-2023-50378: Apache Ambari: Various Cross site scripting problems

March 1, 2024 (updated October 3, 2024)

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8

Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads.

Users are recommended to upgrade to version 2.7.8 which fixes this issue.

References

github.com/advisories/GHSA-9q6v-rxmw-g3gh
github.com/apache/ambari
lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c
nvd.nist.gov/vuln/detail/CVE-2023-50378

Detect and mitigate CVE-2023-50378 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →