CVE-2023-50378

Name of the Vulnerable Software and Affected Versions Apache Ambari versions prior to 2.7.8

Description The issue is related to a lack of proper input validation and constraint enforcement, which could be exploited to perform unauthorized actions, including data access, session hijacking, and delivering malicious payloads. This is a stored XSS issue, where malicious code gets executed whenever a legitimate user interacts with the compromised part of Ambari.

Recommendations For Apache Ambari versions prior to 2.7.8, upgrade to version 2.7.8, which fixes this issue. As a temporary workaround, consider restricting access to potentially vulnerable components of Ambari to minimize the risk of exploitation.