Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
ApacheKnox

2 matches found

CVE
CVEadded 2022/01/17 7:25 p.m.112 views

CVE-2021-42357

CVE-2021-42357 affects Apache Knox SSO prior to 1.6.1. The issue arises from improper URL parsing, allowing a crafted request parameter to redirect users to an attacker-controlled page. Practical impact described across sources is a user-facing redirect that would need exposure outside the normal...

6.1CVSS5.9AI score0.0601EPSS
CVE
CVEadded 2017/05/26 9:0 p.m.57 views

CVE-2017-5646

Summary: Apache Knox versions 0.2.0–0.11.0 are vulnerable to an impersonation weakness when accessing WebHDFS, allowing an authenticated user to impersonate another user via a specially crafted URL, potentially enabling escalated privileges and unauthorized data access. The activity is audit logg...

6.8CVSS6.4AI score0.00072EPSS