CVE-2023-50378

Опубликовано: 01 мар. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8

Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads.

Users are recommended to upgrade to version 2.7.8 which fixes this issue.

Ссылки

https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/03/01/5
Mailing List
https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*

Версия от 2.7.0 (включая) до 2.7.8 (исключая)

EPSS

Процентиль: 84%

0.02055

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9q6v-rxmw-g3gh

CVSS3: 6.1

github

почти 2 года назад

Apache Ambari: Various Cross site scripting problems

BDU:2024-01892

CVSS3: 4.3

fstec