CVE-2024-46910

HIGH

Apache Atlas < 2.4.0 - Basic XSS

Title source: rule

Description

An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.

References (2)

[Issue Tracking, Mailing List, Vendor Advisory] https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2025/02/12/2

Scores

CVSS v3 7.1

EPSS 0.0021

EPSS Percentile 43.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Classification

CWE

CWE-80

Status published

Affected Products (2)

apache/atlas < 2.4.0

org.apache.atlas/apache-atlas < 2.4.0Maven

Timeline

Published Feb 13, 2025

Tracked Since Feb 18, 2026