Reflected XSS Vulnerability in Apache Atlas by Apache
CVE-2017-3153

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Atlas
Vendor: CVE Published:; 29 August 2017

What is CVE-2017-3153?

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating have been identified with a reflected XSS vulnerability in their search functionality. This flaw allows attackers to execute arbitrary scripts in the context of the user's session, potentially leading to data theft or session hijacking. Users of affected versions are advised to upgrade to patched versions to ensure their systems remain secure against such threats.

Affected Version(s)

Apache Atlas 0.6.0-incubating

Apache Atlas 0.7.0-incubating

References

https://lists.apache.org/thread.html/4a4fef91e067fd0d9da5...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/100578

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2017
Vulnerability Reserved
Dec 5, 2016