CVE-2022-34271

CWE-22Path Traversal4 documents4 sources
Severity
8.8HIGH
EPSS
0.5%
top 32.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache AtlasApache Atlas
Timeline
PublishedDec 14

Description

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Mavenorg.apache.atlas:apache-atlas0.8.42.3.0
CVEListV5apache_software_foundation/apache_atlas0.8.42.3.0
NVDapache/atlas0.8.42.2.0

🔴Vulnerability Details

3
OSV
Apache Atlas: zip path traversal in import functionality2022-12-14
GHSA
Apache Atlas: zip path traversal in import functionality2022-12-14
CVEList
Apache Atlas: zip path traversal in import functionality2022-12-14
CVE-2022-34271 (HIGH CVSS 8.8) | A vulnerability in import module of | cvebase.io