Lucene search
ApacheAtlas

14 matches found

CVE
added 2020/12/07 7:22 p.m. | 359 views

CVE-2020-17521

CVE-2020-17521 affects Apache Groovy extension methods that handle temporary directory creation. The root cause is a race condition in Groovy’s implementation, which previously called a now-superseded Java JDK method; this could allow a local attacker to obtain sensitive information. Affected ver...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.0105

CVE
added 2019/11/18 8:5 p.m. | 134 views

CVE-2019-10070

CVE-2019-10070 affects Apache Atlas 0.8.3 and 1.1.0, with a stored cross-site scripting (XSS) flaw in the search functionality. The issue stems from inadequate input sanitization, allowing attacker-supplied HTML/script to execute in the victim’s browser (HTML injection described in vendor advisor...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01787

CVE
added 2022/12/14 8:35 a.m. | 96 views

CVE-2022-34271

CVE-2022-34271 is a path traversal vulnerability in Apache Atlas in the import module. It affects versions 0.8.4 through 2.2.0 and allows an authenticated user to write to the web server filesystem due to improper input validation in the import functionality. Exploitation status or in-the-wild de...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01384

CVE
added 2020/09/16 5:38 p.m. | 90 views

CVE-2020-13928

CVE-2020-13928 – Apache Atlas XSS vulnerability affects Apache Atlas versions before 2.1.0. The issue arises in the basic search/rendering paths where un-sanitized input is processed, enabling cross-site scripting. The vulnerability is documented across multiple feeds (NVD, Red Hat, GHSA, osv, CN...

CVSS: 6.1 | AI score: 6 | EPSS: 0.02587

CVE
added 2017/08/29 8:0 p.m. | 82 views

CVE-2017-3150

Apache Atlas (v0.6.0-incubating and v0.7.0-incubating) is affected by an insecure cookie storage issue: cookies could be accessible to client-side scripts, exposing potentially sensitive data. This is documented across multiple sources (GHSA-WVMQ-W7M8-G9XM, OSV, CNVD, NVD entries). The CVE-2017-3...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.01954

CVE
added 2017/08/29 8:0 p.m. | 81 views

CVE-2017-3154

CVE-2017-3154 affects Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating. The underlying issue is that error responses reveal a stack trace, leading to information exposure. The available documents describe the vulnerability as an information-disclosure flaw but do not provide details on...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.02053

CVE
added 2017/08/29 8:0 p.m. | 76 views

CVE-2017-3153

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating are affected by a Reflected XSS vulnerability in the search functionality (CVE-2017-3153). The connected documents state the issue but do not provide root-cause details, exploit status, or remediation steps. No patch/version fix is speci...

CVSS: 6.1 | AI score: 6 | EPSS: 0.01955

CVE
added 2017/08/29 8:0 p.m. | 74 views

CVE-2017-3152

Apache Atlas is affected in versions 0.6.0-incubating and 0.7.0-incubating by a DOM-based XSS vulnerability in the edit-tag function. The CNVD entry describes an ability for a remote attacker to inject arbitrary web script or HTML, indicating browser-side script execution risk. The CVE entry conf...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01955

CVE
added 2017/08/29 8:0 p.m. | 73 views

CVE-2017-3151

Apache Atlas CVE-2017-3151 affects versions 0.6.0-incubating and 0.7.0-incubating, with a Stored Cross-Site Scripting flaw in the edit-tag functionality. Root cause details are not elaborated beyond the XSS issue; no exploit specifics are provided in the connected documents. The impact is implied...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01919

CVE
added 2017/08/29 8:0 p.m. | 72 views

CVE-2017-3155

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating are reported vulnerable to cross-site scripting (cross frame scripting). The connected documents confirm the affected product and vulnerability type but do not provide specific root-cause details, affected components, exploit information...

CVSS: 6.1 | AI score: 6 | EPSS: 0.01812

CVE
added 2017/08/29 8:0 p.m. | 70 views

CVE-2016-8752

Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) expose a path-traversal issue that allows access to the webapp directory contents by requesting URIs such as /js or /img. This is a disclosure vulnerability affecting the webapp content and does not indicate code...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.02127

CVE
added 2025/02/13 8:52 a.m. | 58 views

CVE-2024-46910

CVE-2024-46910 concerns Apache Atlas. The issue allows an authenticated user to perform Cross‑Site Scripting and potentially impersonate other users, affecting Atlas versions ≤ 2.3.0. Root cause involves insufficient input filtering/escaping. A fixed version is 2.4.0. No exploitation details are ...

CVSS: 7.1 | AI score: 6.1 | EPSS: 0.00529

CVE
added 2026/05/04 3:17 p.m. | 19 views

CVE-2026-40563

CVE-2026-40563 concerns Apache Atlas where an exposed DSL search endpoint accepts user-supplied query strings, enabling a code injection that can alter Gremlin traversal logic and access unintended data. Affected versions range from 0.8 through 2.4.0. For Atlas deployments using non-default confi...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00464

CVE
added 2026/06/22 7:47 a.m. | 17 views

CVE-2025-62198

CVE-2025-62198 affects Apache Atlas versions 2.4.0 and earlier. The issue is a stored XSS on the Create Entity page that can be triggered by an authenticated user. Affected software is clearly specified as Apache Atlas; the root cause is a stored XSS in the Create Entity flow. The recommended mit...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00315