Apache Atlas: zip path traversal in import functionality
CVE-2022-34271

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Atlas
Vendor: CVE Published:; 14 December 2022

Summary

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.

Affected Version(s)

Apache Atlas 0.8.4 < 2.3.0

References

https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2ls...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2022
Vulnerability Reserved
Jun 22, 2022

Credit

Huangzhicong