CVE-2024-46910

HIGH

Apache Atlas < 2.4.0 - Basic XSS

Title source: rule

Description

An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.

References (2)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2025/02/12/2

[Issue Tracking, Mailing List, Vendor Advisory] https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy

Scores

CVSS v3 7.1

EPSS 0.0045

EPSS Percentile 63.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-80

Status published

Products (2)

apache/atlas 2.0.0 - 2.4.0

org.apache.atlas/apache-atlas 2.0.0 - 2.4.0Maven

Published Feb 13, 2025

Tracked Since Feb 18, 2026