Stored Cross-Site Scripting Vulnerability in Apache Atlas by Apache
CVE-2017-3151

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Atlas
Vendor: CVE Published:; 29 August 2017

What is CVE-2017-3151?

Versions 0.6.0-incubating and 0.7.0-incubating of Apache Atlas are susceptible to a stored cross-site scripting (XSS) issue that occurs in the edit-tag functionality. This vulnerability can potentially allow an attacker to inject malicious scripts that are executed in the context of an authenticated user, leading to unauthorized actions or data exposure.

Affected Version(s)

Apache Atlas 0.6.0-incubating

Apache Atlas 0.7.0-incubating

References

http://www.securityfocus.com/bid/100547

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/4a4fef91e067fd0d9da5...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2017
Vulnerability Reserved
Dec 5, 2016