CVE-2017-3150

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
6.1MEDIUM
EPSS
1.0%
top 22.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache AtlasApache Atlas
Timeline
PublishedAug 29
Latest updateMay 17

Description

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

Mavenorg.apache.atlas:atlas-common0.6.0-incubating0.7.1-incubating
NVDapache/atlas0.6.0, 0.7.0+1
CVEListV5apache_software_foundation/apache_atlas0.6.0-incubating, 0.7.0-incubating+1

🔴Vulnerability Details

4
OSV
Insecure cookie storage in Apache Atlas2022-05-17
GHSA
Insecure cookie storage in Apache Atlas2022-05-17
CVEList
CVE-2017-3150: Apache Atlas versions 02017-08-29
OSV
CVE-2017-3150: Apache Atlas versions 02017-08-29
CVE-2017-3150 (MEDIUM CVSS 6.1) | Apache Atlas versions 0.6.0-incubat | cvebase.io