Sure, we can cherry-pick. Will do, thanks.

From: Jialiang Cai <[email protected]>
Date: Saturday, March 2, 2024 at 11:29
To: [email protected] <[email protected]>
Subject: Re: CVE-2023-50378: Apache Ambari: Various XSS problems

Which issue addresses this vulnerability? Can it be merged into 2.8?

> On Mar 1, 2024, at 22:31, Brahma Reddy Battula <[email protected]> wrote:
>
> Severity: important
>
> Affected versions:
>
> - Apache Ambari 2.7.0 through 2.7.7
>
> Description:
>
> Lack of proper input validation and constraint enforcement in Apache Ambari
> prior to 2.7.8
>
> Impact : As it will be stored XSS, Could be exploited to perform
> unauthorized actions, varying from data access to session hijacking and
> delivering malicious payloads.
>
> Users are recommended to upgrade to version 2.7.8 which fixes this issue.
>
> References:
>
> https://ambari.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2023-50378
