Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
Advisories for Maven/Org.apache.atlas/Atlas-Common package
2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
Improper Access Control
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
Exposure of Sensitive Information to an Unauthorized Actor
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.