Cross-Site Scripting Vulnerability in Apache Atlas by Apache
CVE-2024-46910

7.1HIGH

Key Information:

Vendor: Apache
Status: Apache Atlas
Vendor: CVE Published:; 13 February 2025

Summary

A cross-site scripting vulnerability exists in Apache Atlas that allows authenticated users to execute malicious scripts, potentially enabling impersonation of other users. This issue impacts all versions up to 2.3.0. To safeguard against this risk, users are strongly advised to upgrade to version 2.4.0, which effectively addresses the vulnerability.

Affected Version(s)

Apache Atlas 2.0.0 <= 2.3.0

References

https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Sep 13, 2024

Credit

[email protected]