CVE-2024-46910 – org.apache.atlas:apache-atlas

Package

Manager: maven
Name: org.apache.atlas:apache-atlas
Vulnerable Version: >=2.0.0 <2.4.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00085 pctl0.25528

Details

Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.

Metadata

Created: 2025-02-13T09:31:26Z
Modified: 2025-02-13T22:16:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-x3v6-f5fr-4wwv/GHSA-x3v6-f5fr-4wwv.json
CWE IDs: ["CWE-80"]
Alternative ID: GHSA-x3v6-f5fr-4wwv
Finding: F063
Auto approve: 1