PT-2019-4252 · Apache · Apache Atlas

Published

2019-11-17

Updated

2020-01-08

CVE-2019-10070

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Apache Atlas versions 0.8.3 and 1.1.0

Description The issue is related to the lack of input data sanitization in the Apache Atlas metadata management system. This can be exploited by a remote attacker to perform cross-site scripting attacks, specifically Stored Cross-Site Scripting in the search functionality.

Recommendations For Apache Atlas version 0.8.3, update to a version that includes input sanitization to prevent cross-site scripting attacks. For Apache Atlas version 1.1.0, apply the necessary patches or configuration changes to ensure proper input data cleaning in the search functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2019-04853

CVE-2019-10070

GHSA-V62J-FCXQ-J239

Affected Products

Apache Atlas

PT-2019-4252 · Apache · Apache Atlas

CVE-2019-10070

Weakness Enumeration

Related Identifiers

Affected Products

References · 6