Vulnerability in Apache Atlas

CVE-2019-10070

Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality

EPSS: 0.014 (81.1th percentile) — read the EPSS interpretation.

Affected products

Apache Atlas — versions 0.8.3, 1.1.0

Public proof-of-concept exploits

References

[atlas-dev] 20191117 [CVE-2019-10070] Apache Atlas Stored XSS Vulnerability (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2019-10070?: CVE-2019-10070 is a vulnerability in Apache Atlas. Published 2019-11-18.
Is CVE-2019-10070 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.