
    21 vulnerabilities found for Apache Atlas by Apache Software Foundation

    CVE-2025-62198 (GCVE-0-2025-62198)

    Vulnerability from cvelistv5 – Published: 2026-06-22 07:47 – Updated: 2026-06-22 15:50
    Title
    Apache Atlas: Stored XSS in Create Entity page
    Summary
    An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0 , ≤ 2.4.0 (semver)
    Credits
    Grzegorz Misiun

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-22T08:01:16.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/20/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62198",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:50:14.516394Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:50:36.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Grzegorz Misiun"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn authenticated user can perform XSS.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Atlas \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eversions \u003c/span\u003e2.4.0 and earlier.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.5.0, which fixes the issue.\u003c/p\u003e"
                }
              ],
              "value": "An authenticated user can perform XSS.\n\nThis issue affects Apache Atlas versions 2.4.0 and earlier.\n\nUsers are recommended to upgrade to version 2.5.0, which fixes the issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "important"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T07:47:11.847Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5nrpdp7k"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Atlas: Stored XSS in Create Entity page",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2025-62198",
        "datePublished": "2026-06-22T07:47:11.847Z",
        "dateReserved": "2025-10-08T19:44:39.189Z",
        "dateUpdated": "2026-06-22T15:50:36.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40563 (GCVE-0-2026-40563)

    Vulnerability from cvelistv5 – Published: 2026-05-04 15:17 – Updated: 2026-05-06 13:27
    Title
    Apache Atlas: Script injection allows access to unintended data
    Summary
    Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter the Gremlin traversal logic while staying within grammar-allowed characters to access unintended data. Affected versions: This issue affects Apache Atlas from 0.8 through 2.4.0. For affected versions >= 2.0, the vulnerability is present only when Atlas is deployed with the following non-default configuration: `atlas.dsl.executor.traversal=false`. Mitigation: Users are recommended to upgrade to version 2.5.0, which fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.8 , ≤ 2.4.0 (semver)
    Credits
    Khaled M. Alshammri, qx L

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-04T15:43:57.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T03:56:07.820266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T13:27:03.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.maven.apache.org/maven2",
              "defaultStatus": "unaffected",
              "packageName": "org.apache.atlas:atlas-repository",
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.0",
                  "status": "affected",
                  "version": "0.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Khaled M. Alshammri"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "qx L"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cb\u003eDescription:\u003c/b\u003e\u003cbr\u003eImproper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Atlas\u003cbr\u003eApache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eAffect Version:\u003c/b\u003e\u003cbr\u003eThis issue affects Apache Atlas: from 0.8 through 2.4.0.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eFor the affect version \u0026gt;= 2.0, vulnerability is only when Atlas is deployed with below non-default configuration.\u003cbr\u003e\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eatlas.dsl.executor.traversal=false\u003c/pre\u003e\u003c/div\u003e\u003cb\u003eMitigation:\u003c/b\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.5.0, which fixes the issue.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Description:\nImproper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Atlas\nApache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data\n\n\n\n\nAffect Version:\nThis issue affects Apache Atlas: from 0.8 through 2.4.0.\n\n\n\nFor the affect version \u003e= 2.0, vulnerability is only when Atlas is deployed with below non-default configuration.\n\n\natlas.dsl.executor.traversal=false\n\n\n\nMitigation:\nUsers are recommended to upgrade to version 2.5.0, which fixes the issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "important"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-04T15:17:32.511Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/vd0oggmqxl2k1skm0z2f9p0plx7jhmfl"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Atlas: Script injection allows access to unintended data",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2026-40563",
        "datePublished": "2026-05-04T15:17:32.511Z",
        "dateReserved": "2026-04-14T12:05:23.666Z",
        "dateUpdated": "2026-05-06T13:27:03.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-46910 (GCVE-0-2024-46910)

    Vulnerability from cvelistv5 – Published: 2025-02-13 08:52 – Updated: 2025-10-17 15:50
    Title
    Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
    Summary
    An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 2.0.0 , ≤ 2.3.0 (semver)
    Credits
    SecIQ Technologies LLP, Darpan Patel (SecIQ Technologies)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-02-13T09:03:26.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/02/12/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-46910",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-13T20:33:23.610651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-13T20:33:42.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.maven.apache.org/maven2",
              "defaultStatus": "unaffected",
              "packageName": "org.apache.atlas:atlas-webapp",
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "SecIQ Technologies LLP"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Darpan Patel (SecIQ Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn authenticated user can perform XSS and potentially impersonate another user.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Atlas \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eversions\u0026nbsp;\u003c/span\u003e2.3.0 and earlier.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.0, which fixes the issue.\u003c/p\u003e"
                }
              ],
              "value": "An authenticated user can perform XSS and potentially impersonate another user.\n\nThis issue affects Apache Atlas versions\u00a02.3.0 and earlier.\n\nUsers are recommended to upgrade to version 2.4.0, which fixes the issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "important"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-17T15:50:34.064Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2024-46910",
        "datePublished": "2025-02-13T08:52:57.498Z",
        "dateReserved": "2024-09-13T21:17:58.694Z",
        "dateUpdated": "2025-10-17T15:50:34.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34271 (GCVE-0-2022-34271)

    Vulnerability from cvelistv5 – Published: 2022-12-14 08:35 – Updated: 2025-04-18 14:28
    Title
    Apache Atlas: zip path traversal in import functionality
    Summary
    A vulnerability in the import module of Apache Atlas allows an authenticated user to write to the web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.8.4 , < 2.3.0 (maven)
    Credits
    Huangzhicong

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:07:16.040Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-34271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T14:27:56.712836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-18T14:28:47.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "2.3.0",
                  "status": "affected",
                  "version": "0.8.4",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Huangzhicong"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.  This issue affects Apache Atlas versions from 0.8.4 to 2.2.0."
                }
              ],
              "value": "A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.  This issue affects Apache Atlas versions from 0.8.4 to 2.2.0."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-20T13:11:28.539Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3"
            }
          ],
          "source": {
            "defect": [
              "ATLAS-4622"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Apache Atlas: zip path traversal in import functionality",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2022-34271",
        "datePublished": "2022-12-14T08:35:59.499Z",
        "dateReserved": "2022-06-22T07:13:12.528Z",
        "dateUpdated": "2025-04-18T14:28:47.874Z",
        "requesterUserId": "01d7ebfd-4418-401d-b8e4-f5ae3da29160",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3155 (GCVE-0-2017-3155)

    Vulnerability from cvelistv5 – Published: 2017-08-29 20:00 – Updated: 2024-09-16 19:36
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
    Severity
    No CVSS data available.
    CWE
    • XFS - cross frame scripting vulnerability
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/100587 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              },
              {
                "name": "100587",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100587"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XFS - cross frame scripting vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-05T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "100587",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100587"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XFS - cross frame scripting vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                },
                {
                  "name": "100587",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100587"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3155",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:18.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3150 (GCVE-0-2017-3150)

    Vulnerability from cvelistv5 – Published: 2017-08-29 20:00 – Updated: 2024-09-16 19:57
    VLAI
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
    Severity
    No CVSS data available.
    CWE
    • Use of insecure cookies
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/100536 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              },
              {
                "name": "100536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of insecure cookies",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "100536",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100536"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3150",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of insecure cookies"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                },
                {
                  "name": "100536",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100536"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3150",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:57:05.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3153 (GCVE-0-2017-3153)

    Vulnerability from cvelistv5 – Published: 2017-08-29 20:00 – Updated: 2024-09-16 18:24
    VLAI
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
    Severity
    No CVSS data available.
    CWE
    • Reflected XSS vulnerability
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/100578 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              },
              {
                "name": "100578",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100578"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected XSS vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-02T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "100578",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100578"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3153",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected XSS vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                },
                {
                  "name": "100578",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100578"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3153",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:06.592Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3152 (GCVE-0-2017-3152)

    Vulnerability from cvelistv5 – Published: 2017-08-29 20:00 – Updated: 2024-09-16 22:16
    VLAI
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
    Severity
    No CVSS data available.
    CWE
    • DOM XSS threat
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100577 vdb-entry, x_refsource_BID
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100577",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100577"
              },
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DOM XSS threat",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-02T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "100577",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100577"
            },
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3152",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DOM XSS threat"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100577",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100577"
                },
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3152",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:16:03.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3151 (GCVE-0-2017-3151)

    Vulnerability from cvelistv5 – Published: 2017-08-29 20:00 – Updated: 2024-09-17 00:55
    VLAI
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
    Severity
    No CVSS data available.
    CWE
    • Persistent XSS vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100547 vdb-entry, x_refsource_BID
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100547",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100547"
              },
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Persistent XSS vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-01T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "100547",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100547"
            },
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Persistent XSS vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100547",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100547"
                },
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3151",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:55:58.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8752 (GCVE-0-2016-8752)

    Vulnerability from cvelistv5 – Published: 2017-08-29 20:00 – Updated: 2024-09-16 19:05
    VLAI
    Summary
    Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/f7435d66b840… mailing-list, x_refsource_MLIST
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Affected: 0.7.1-incubating
    Date Public
    2017-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:00.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.1-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-29T19:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-23T00:00:00",
              "ID": "CVE-2016-8752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              },
                              {
                                "version_value": "0.7.1-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86@%3Cdev.atlas.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2016-8752",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-10-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:05:02.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3154 (GCVE-0-2017-3154)

    Vulnerability from cvelistv5 – Published: 2017-08-29 20:00 – Updated: 2024-09-16 21:07
    Summary
    Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
    Severity
    No CVSS data available.
    CWE
    • Stack trace in error response
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/100581 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              },
              {
                "name": "100581",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100581"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack trace in error response",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-05T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "100581",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100581"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack trace in error response"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                },
                {
                  "name": "100581",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100581"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3154",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:07:44.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-40563 (GCVE-0-2026-40563)

    Vulnerability from nvd – Published: 2026-05-04 15:17 – Updated: 2026-05-06 13:27
    Title
    Apache Atlas: Script injection allows access to unintended data
    Summary
    Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data.
    Affected versions: This issue affects Apache Atlas from 0.8 through 2.4.0. For affected versions >= 2.0, a deployment is vulnerable only when Atlas runs with the following non-default configuration: atlas.dsl.executor.traversal=false
    Mitigation: Users are recommended to upgrade to version 2.5.0, which fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.8 , ≤ 2.4.0 (semver)
    Credits
    Khaled M. Alshammri, qx L

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-04T15:43:57.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T03:56:07.820266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T13:27:03.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.maven.apache.org/maven2",
              "defaultStatus": "unaffected",
              "packageName": "org.apache.atlas:atlas-repository",
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.0",
                  "status": "affected",
                  "version": "0.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Khaled M. Alshammri"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "qx L"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cb\u003eDescription:\u003c/b\u003e\u003cbr\u003eImproper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Atlas\u003cbr\u003eApache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eAffect Version:\u003c/b\u003e\u003cbr\u003eThis issue affects Apache Atlas: from 0.8 through 2.4.0.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eFor the affect version \u0026gt;= 2.0, vulnerability is only when Atlas is deployed with below non-default configuration.\u003cbr\u003e\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eatlas.dsl.executor.traversal=false\u003c/pre\u003e\u003c/div\u003e\u003cb\u003eMitigation:\u003c/b\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.5.0, which fixes the issue.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Description:\nImproper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Atlas\nApache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data\n\n\n\n\nAffect Version:\nThis issue affects Apache Atlas: from 0.8 through 2.4.0.\n\n\n\nFor the affect version \u003e= 2.0, vulnerability is only when Atlas is deployed with below non-default configuration.\n\n\natlas.dsl.executor.traversal=false\n\n\n\nMitigation:\nUsers are recommended to upgrade to version 2.5.0, which fixes the issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "important"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-04T15:17:32.511Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/vd0oggmqxl2k1skm0z2f9p0plx7jhmfl"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Atlas: Script injection allows access to unintended data",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2026-40563",
        "datePublished": "2026-05-04T15:17:32.511Z",
        "dateReserved": "2026-04-14T12:05:23.666Z",
        "dateUpdated": "2026-05-06T13:27:03.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-46910 (GCVE-0-2024-46910)

    Vulnerability from nvd – Published: 2025-02-13 08:52 – Updated: 2025-10-17 15:50
    Title
    Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
    Summary
    An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 2.0.0 , ≤ 2.3.0 (semver)
    Credits
    SecIQ Technologies LLP, Darpan Patel (SecIQ Technologies)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-02-13T09:03:26.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/02/12/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-46910",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-13T20:33:23.610651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-13T20:33:42.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.maven.apache.org/maven2",
              "defaultStatus": "unaffected",
              "packageName": "org.apache.atlas:atlas-webapp",
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "SecIQ Technologies LLP"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Darpan Patel (SecIQ Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn authenticated user can perform XSS and potentially impersonate another user.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Atlas \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eversions\u0026nbsp;\u003c/span\u003e2.3.0 and earlier.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.0, which fixes the issue.\u003c/p\u003e"
                }
              ],
              "value": "An authenticated user can perform XSS and potentially impersonate another user.\n\nThis issue affects Apache Atlas versions\u00a02.3.0 and earlier.\n\nUsers are recommended to upgrade to version 2.4.0, which fixes the issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "important"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-17T15:50:34.064Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2024-46910",
        "datePublished": "2025-02-13T08:52:57.498Z",
        "dateReserved": "2024-09-13T21:17:58.694Z",
        "dateUpdated": "2025-10-17T15:50:34.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34271 (GCVE-0-2022-34271)

    Vulnerability from nvd – Published: 2022-12-14 08:35 – Updated: 2025-04-18 14:28
    Title
    Apache Atlas: zip path traversal in import functionality
    Summary
    A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.8.4 , < 2.3.0 (maven)
    Credits
    Huangzhicong

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:07:16.040Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-34271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T14:27:56.712836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-18T14:28:47.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "2.3.0",
                  "status": "affected",
                  "version": "0.8.4",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Huangzhicong"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.  This issue affects Apache Atlas versions from 0.8.4 to 2.2.0."
                }
              ],
              "value": "A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.  This issue affects Apache Atlas versions from 0.8.4 to 2.2.0."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-20T13:11:28.539Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3"
            }
          ],
          "source": {
            "defect": [
              "ATLAS-4622"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Apache Atlas: zip path traversal in import functionality",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2022-34271",
        "datePublished": "2022-12-14T08:35:59.499Z",
        "dateReserved": "2022-06-22T07:13:12.528Z",
        "dateUpdated": "2025-04-18T14:28:47.874Z",
        "requesterUserId": "01d7ebfd-4418-401d-b8e4-f5ae3da29160",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3155 (GCVE-0-2017-3155)

    Vulnerability from nvd – Published: 2017-08-29 20:00 – Updated: 2024-09-16 19:36
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
    Severity
    No CVSS data available.
    CWE
    • XFS - cross frame scripting vulnerability
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/100587 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              },
              {
                "name": "100587",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100587"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XFS - cross frame scripting vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-05T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "100587",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100587"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XFS - cross frame scripting vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                },
                {
                  "name": "100587",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100587"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3155",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:18.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3154 (GCVE-0-2017-3154)

    Vulnerability from nvd – Published: 2017-08-29 20:00 – Updated: 2024-09-16 21:07
    VLAI
    Summary
    Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
    Severity
    No CVSS data available.
    CWE
    • Stack trace in error response
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/100581 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              },
              {
                "name": "100581",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100581"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack trace in error response",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-05T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "100581",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100581"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack trace in error response"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                },
                {
                  "name": "100581",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100581"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3154",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:07:44.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3153 (GCVE-0-2017-3153)

    Vulnerability from nvd – Published: 2017-08-29 20:00 – Updated: 2024-09-16 18:24
    VLAI
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
    Severity
    No CVSS data available.
    CWE
    • Reflected XSS vulnerability
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/100578 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              },
              {
                "name": "100578",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100578"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected XSS vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-02T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "100578",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100578"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3153",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected XSS vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                },
                {
                  "name": "100578",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100578"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3153",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:06.592Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3152 (GCVE-0-2017-3152)

    Vulnerability from nvd – Published: 2017-08-29 20:00 – Updated: 2024-09-16 22:16
    VLAI
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
    Severity
    No CVSS data available.
    CWE
    • DOM XSS threat
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100577 vdb-entry, x_refsource_BID
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100577",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100577"
              },
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DOM XSS threat",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-02T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "100577",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100577"
            },
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3152",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DOM XSS threat"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100577",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100577"
                },
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3152",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:16:03.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3151 (GCVE-0-2017-3151)

    Vulnerability from nvd – Published: 2017-08-29 20:00 – Updated: 2024-09-17 00:55
    VLAI
    Summary
    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
    Severity
    No CVSS data available.
    CWE
    • Persistent XSS vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100547 vdb-entry, x_refsource_BID
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100547",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100547"
              },
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Persistent XSS vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-01T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "100547",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100547"
            },
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Persistent XSS vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100547",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100547"
                },
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3151",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:55:58.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3150 (GCVE-0-2017-3150)

    Vulnerability from nvd – Published: 2017-08-29 20:00 – Updated: 2024-09-16 19:57
    Summary
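    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script (that is, presumably set without the HttpOnly attribute). The referenced mailing-list advisory is titled "CVE updates: fixes in Apache Atlas 0.7.1-incubating".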
    Severity
    No CVSS data available.
    CWE
    • Use of insecure cookies
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/4a4fef91e067… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/100536 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Date Public
    2017-05-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
              },
              {
                "name": "100536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of insecure cookies",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T09:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "100536",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100536"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-07T00:00:00",
              "ID": "CVE-2017-3150",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of insecure cookies"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
                },
                {
                  "name": "100536",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100536"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3150",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:57:05.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8752 (GCVE-0-2016-8752)

    Vulnerability from nvd – Published: 2017-08-29 20:00 – Updated: 2024-09-16 19:05
    Summary
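    Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. The referenced mailing-list advisory is titled "CVE updates: fixes in Apache Atlas 0.8-incubating".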
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/f7435d66b840… mailing-list, x_refsource_MLIST
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Atlas Affected: 0.6.0-incubating
    Affected: 0.7.0-incubating
    Affected: 0.7.1-incubating
    Date Public
    2017-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:00.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Atlas",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.0-incubating"
                },
                {
                  "status": "affected",
                  "version": "0.7.1-incubating"
                }
              ]
            }
          ],
          "datePublic": "2017-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-29T19:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-23T00:00:00",
              "ID": "CVE-2016-8752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Atlas",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0-incubating"
                              },
                              {
                                "version_value": "0.7.0-incubating"
                              },
                              {
                                "version_value": "0.7.1-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86@%3Cdev.atlas.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2016-8752",
        "datePublished": "2017-08-29T20:00:00.000Z",
        "dateReserved": "2016-10-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:05:02.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }