A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details.
Apache Atlas contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.
Error responses from Apache Atlas include stack traces, exposing excessive information.
Apache Atlas allow access to the webapp directory contents by pointing to URIs like /js and /img.
Apache Atlas uses cookies that could be accessible to client-side script.
Apache Atlas is vulnerable to DOM XSS in the edit-tag functionality.
Apache Atlas is vulnerable to cross frame scripting.
Apache Atlas is vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
Apache Atlas is vulnerable to Reflected XSS in the search functionality.