Apache Software Foundation Apache Atlas vulnerabilities
9 known vulnerabilities affecting apache_software_foundation/apache_atlas.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2024-46910HIGHCVSS 7.1≥ 2.0.0, ≤ 2.3.02025-02-13
CVE-2024-46910 [HIGH] CWE-80 CVE-2024-46910: An authenticated user can perform XSS and potentially impersonate another user.
This issue affects
An authenticated user can perform XSS and potentially impersonate another user.
This issue affects Apache Atlas versions 2.3.0 and earlier.
Users are recommended to upgrade to version 2.4.0, which fixes the issue.
cvelistv5nvd
CVE-2022-34271HIGHCVSS 8.8≥ 0.8.4, < 2.3.02022-12-14
CVE-2022-34271 [HIGH] CWE-22 CVE-2022-34271: A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
cvelistv5nvd
CVE-2016-8752HIGHCVSS 7.5v0.6.0-incubatingv0.7.0-incubating+1 more2017-08-29
CVE-2016-8752 [HIGH] CWE-284 CVE-2016-8752: Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
cvelistv5nvd
CVE-2017-3154HIGHCVSS 7.5v0.6.0-incubatingv0.7.0-incubating2017-08-29
CVE-2017-3154 [HIGH] CWE-200 CVE-2017-3154: Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trac
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
cvelistv5nvd
CVE-2017-3152MEDIUMCVSS 6.1v0.6.0-incubatingv0.7.0-incubating2017-08-29
CVE-2017-3152 [MEDIUM] CWE-79 CVE-2017-3152: Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
cvelistv5nvd
CVE-2017-3150MEDIUMCVSS 6.1v0.6.0-incubatingv0.7.0-incubating2017-08-29
CVE-2017-3150 [MEDIUM] CWE-79 CVE-2017-3150: Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
cvelistv5nvd
CVE-2017-3151MEDIUMCVSS 6.1v0.6.0-incubatingv0.7.0-incubating2017-08-29
CVE-2017-3151 [MEDIUM] CWE-79 CVE-2017-3151: Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Si
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
cvelistv5nvd
CVE-2017-3153MEDIUMCVSS 6.1v0.6.0-incubatingv0.7.0-incubating2017-08-29
CVE-2017-3153 [MEDIUM] CWE-79 CVE-2017-3153: Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS i
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
cvelistv5nvd
CVE-2017-3155MEDIUMCVSS 6.1v0.6.0-incubatingv0.7.0-incubating2017-08-29
CVE-2017-3155 [MEDIUM] CWE-79 CVE-2017-3155: Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scr
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
cvelistv5nvd