Severity: 7.5 HIGH
EPSS: 1.0% (top 22.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 29 | Latest update May 17

Description

Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Maven | org.apache.atlas:atlas-common | 0.6.0-incubating | 0.8-incubating
NVD | apache/atlas | 0.6.0, 0.7.0, 0.7.1 +2
CVEListV5 | apache_software_foundation/apache_atlas | 0.6.0-incubating, 0.7.0-incubating, 0.7.1-incubating +2

Vulnerability Details (4)

OSV | Path Traversal in Apache Atlas | 2022-05-17
GHSA | Path Traversal in Apache Atlas | 2022-05-17
CVEList | CVE-2016-8752: Apache Atlas versions 0 | 2017-08-29
OSV | CVE-2016-8752: Apache Atlas versions 0 | 2017-08-29
CVE-2016-8752 (HIGH CVSS 7.5) | Apache Atlas versions 0.6.0 (incuba | cvebase.io