CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46910 – Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
https://notcve.org/view.php?id=CVE-2024-46910
13 Feb 2025 — An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue. An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. • https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34271 – Apache Atlas: zip path traversal in import functionality
https://notcve.org/view.php?id=CVE-2022-34271
14 Dec 2022 — A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. Una vulnerabilidad en el módulo de importación de Apache Atlas permite a un usuario autenticado escribir en el sistema de archivos del servidor web. Este problema afecta a las versiones de Apache Atlas desde 0.8.4 a 2.2.0. • https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2020-17521 – groovy: OS temporary directory leads to information disclosure
https://notcve.org/view.php?id=CVE-2020-17521
07 Dec 2020 — Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in ve... • https://groovy-lang.org/security.html#CVE-2020-17521 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2020-13928
https://notcve.org/view.php?id=CVE-2020-13928
16 Sep 2020 — Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability. Apache Atlas versiones anteriores a 2.1.0, contiene una vulnerabilidad de tipo XSS. Mientras se guardan los valores de los elementos de búsqueda o renderizado no se sanean correctamente y debido a eso se desencadena la vulnerabilidad de tipo XSS • https://lists.apache.org/thread.html/ra468036f913be41b0c8fea74f91d53e273b0bfa838a4b140a5dcd463%40%3Cuser.atlas.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2019-10070
https://notcve.org/view.php?id=CVE-2019-10070
18 Nov 2019 — Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality La versiones 0.8.3 y 1.1.0 de Apache Atlas fueron encontradas vulnerables a ataques de tipo Cross-Site Scripting Almacenados en la funcionalidad de búsqueda. • https://lists.apache.org/thread.html/cc21437c4c5053a13e13332d614d5172f39da03491fe17ae260be221%40%3Cdev.atlas.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3150
https://notcve.org/view.php?id=CVE-2017-3150
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating emplea cookies que podrían ser accesibles para un script del lado del cliente. • http://www.securityfocus.com/bid/100536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3151
https://notcve.org/view.php?id=CVE-2017-3151
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating es vulnerable a Stored Cross-Site Scripting en la funcionalidad edit-tag. • http://www.securityfocus.com/bid/100547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3152
https://notcve.org/view.php?id=CVE-2017-3152
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating es vulnerable a DOM XSS en la funcionalidad edit-tag. • http://www.securityfocus.com/bid/100577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3153
https://notcve.org/view.php?id=CVE-2017-3153
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating es vulnerable a XSS reflejado en la funcionalidad search. • http://www.securityfocus.com/bid/100578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3154
https://notcve.org/view.php?id=CVE-2017-3154
29 Aug 2017 — Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. Las respuestas de error de Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating incluyen seguimiento de la pila, lo que expone información excesiva. • http://www.securityfocus.com/bid/100581 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •