CVE-2023-50378 — MEDIUM (6.1)

Q: How severe is CVE-2023-50378?

CVE-2023-50378 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-50378?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Ambari.

Vulnerability Description

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to version 2.7.8 which fixes this issue.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Ambari	>= 2.7.0, < 2.7.8

Related Weaknesses (CWE)

CWE-79

References

https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37cMailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2024/03/01/5Mailing List
https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37cMailing ListVendor Advisory

FAQ

What is CVE-2023-50378?

CVE-2023-50378 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data ...

How severe is CVE-2023-50378?

CVE-2023-50378 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-50378?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Ambari.