
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN514
_____________________________________________________________________

DATE                : 15/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Atlas versions prior to
                     2.1.0.

=====================================================================
http://mail-archives.apache.org/mod_mbox/atlas-user/202009.mbox/%3cCADz7AfzRbjRCzvgccqm_XK+02450utPAYwrsTAjSFEGVimmbQA@mail.gmail.com%3e
_____________________________________________________________________

Hello,



Please find below details on CVE fixed in Apache Atlas releases *2.1.0*

-------------------------------------------------------------------------------------------------

CVE-2020-13928:     Atlas was found vulnerable to a Cross-Site
                    Scripting in Basic Search functionality.

Severity:           Critical

Vendor:             The Apache Software Foundation

Versions affected:  Apache Atlas versions 2.0.0

Users affected:     Apache Atlas UI search functionality, Save Search

Description:        Apache Atlas Multiple XSS Vulnerability

Fix detail:         Apache Atlas was updated to sanitize the
                    user input and while rendering

Mitigation:         Users should upgrade to 2.1.0 or later
                    version of Apache Atlas

Credit:             Michał Orzechowski


-------------------------------------------------------------------------------------------------



Thanks,

Keval

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================




