CVE-2023-50378
Apache Ambari: Various Cross site scripting problems
6.1
MEDIUM
CVSS 3.1
EPSS 2.1%
Description
Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to version 2.7.8 which fixes this issue.
How to fix CVE-2023-50378
To remediate CVE-2023-50378, upgrade the affected package to a fixed version below.
- —upgrade to 2.7.8 or later
Is CVE-2023-50378 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.7.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |