CVE-2023-50378

Sažetak

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to version 2.7.8 which fixes this issue.

Reference

https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c
http://www.openwall.com/lists/oss-security/2024/03/01/5
https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

28-05-2025 - 19:55

Objavljeno

01-03-2024 - 15:15