{"cve":{"cve_id":"CVE-2023-50378","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01212,"epss_percentile":0.64549,"epss_as_of":"2026-06-23","description":"Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8  \n\n Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. \n\nUsers are recommended to upgrade to version  2.7.8 which fixes this issue.","published_at":"2024-03-01T14:38:29.732000Z","last_modified_at":null,"cvss_v3_score":6.1,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-79"],"nvd_references":["https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:41:37.767234Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-ambari","product_name":"Apache Ambari","version_start":"2.7.0","version_start_inclusive":true,"version_end":"2.7.7","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-ambari:2.7.0:2.7.7"}],"exploit_refs":[],"news":[],"references":[{"url":"https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c","source_type":"MAILING_LIST","tags":["mailing-list"]}],"timeline":[{"type":"published","at":"2024-03-01T14:38:29.732000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:31:00.193989Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:31:00.193989Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:31:00.193989Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:41:37.767234Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:41:37.767234Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:41:37.767234Z","label":"SSVC decision revised","source":"vulnrichment"}]}