14 matches found
CVE-2020-17521
CVE-2020-17521 affects Apache Groovy extension methods that handle temporary directory creation. The root cause is a race condition in Groovy’s implementation, which previously called a now-superseded Java JDK method; this could allow a local attacker to obtain sensitive information. Affected ver...
CVE-2019-10070
CVE-2019-10070 affects Apache Atlas 0.8.3 and 1.1.0, with a stored cross-site scripting (XSS) flaw in the search functionality. The issue stems from inadequate input sanitization, allowing attacker-supplied HTML/script to execute in the victim’s browser (HTML injection described in vendor advisor...
CVE-2022-34271
CVE-2022-34271 is a path traversal vulnerability in Apache Atlas in the import module. It affects versions 0.8.4 through 2.2.0 and allows an authenticated user to write to the web server filesystem due to improper input validation in the import functionality. Exploitation status or in-the-wild de...
CVE-2020-13928
CVE-2020-13928 is an XSS vulnerability affecting Apache Atlas versions before 2.1.0. The issue arises in the basic search/rendering paths where unsanitized input is processed, enabling cross-site scripting. The vulnerability is documented across multiple feeds (NVD, Red Hat, GHSA, OSV, CN...
CVE-2017-3150
Apache Atlas (v0.6.0-incubating and v0.7.0-incubating) is affected by an insecure cookie storage issue: cookies could be accessible to client-side scripts, exposing potentially sensitive data. This is documented across multiple sources (GHSA-WVMQ-W7M8-G9XM, OSV, CNVD, NVD entries). The CVE-2017-3...
CVE-2017-3154
CVE-2017-3154 affects Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating. The underlying issue is that error responses reveal a stack trace, leading to information exposure. The available documents describe the vulnerability as an information-disclosure flaw but do not provide details on...
CVE-2017-3153
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating are affected by a Reflected XSS vulnerability in the search functionality (CVE-2017-3153). The connected documents state the issue but do not provide root-cause details, exploit status, or remediation steps. No patch/version fix is speci...
CVE-2017-3152
Apache Atlas is affected in versions 0.6.0-incubating and 0.7.0-incubating by a DOM-based XSS vulnerability in the edit-tag function. The CNVD entry describes an ability for a remote attacker to inject arbitrary web script or HTML, indicating browser-side script execution risk. The CVE entry conf...
CVE-2017-3151
CVE-2017-3151 affects Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating, with a stored cross-site scripting flaw in the edit-tag functionality. Root cause details are not elaborated beyond the XSS issue; no exploit specifics are provided in the connected documents. The impact is implied...
CVE-2017-3155
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating are reported vulnerable to cross-site scripting (cross frame scripting). The connected documents confirm the affected product and vulnerability type but do not provide specific root-cause details, affected components, exploit information...
CVE-2016-8752
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) expose a path-traversal issue that allows access to the webapp directory contents by requesting URIs such as /js or /img. This is a disclosure vulnerability affecting the webapp content and does not indicate code...
CVE-2024-46910
CVE-2024-46910 concerns Apache Atlas. The issue allows an authenticated user to perform cross-site scripting and potentially impersonate other users, affecting Atlas versions ≤ 2.3.0. Root cause involves insufficient input filtering/escaping. A fixed version is 2.4.0. No exploitation details are ...
CVE-2026-40563
CVE-2026-40563 concerns Apache Atlas, where an exposed DSL search endpoint accepts user-supplied query strings, enabling code injection that can alter Gremlin traversal logic and access unintended data. Affected versions range from 0.8 through 2.4.0. For Atlas deployments using non-default confi...
CVE-2025-62198
CVE-2025-62198 affects Apache Atlas versions 2.4.0 and earlier. The issue is a stored XSS on the Create Entity page that can be triggered by an authenticated user. Affected software is clearly specified as Apache Atlas; the root cause is a stored XSS in the Create Entity flow. The recommended mit...