
=====================================================================

                                CERT-Renater

                     Information Note No. 2022/VULN486

_____________________________________________________________________

DATE                : 22/12/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Atlas versions 0.8.4 up
                                   to and including 2.2.0.

=====================================================================
https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3
_____________________________________________________________________


CVE-2022-34271: Apache Atlas: zip path traversal in import functionality
Posted to user@atlas.apache.org
Madhan Neethiraj

Severity: moderate


Description:

A vulnerability in the import module of Apache Atlas allows an
authenticated user to write to the web server filesystem. This
issue affects Apache Atlas versions from 0.8.4 to 2.2.0.

This issue is being tracked as ATLAS-4622.


Credit:

Huangzhicong (finder)

References:

https://atlas.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-34271
https://issues.apache.org/jira/browse/ATLAS-4622
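
Added example (not part of the advisory and not Apache Atlas code): a generic
check for the bug class named in the title. It lists the entries of a zip
archive whose names would resolve outside the extraction directory. The
function names, the destination path and the sample archive are assumptions
constructed for illustration; the advisory does not describe how Atlas
processes or fixes import archives.

```python
import io
import posixpath
import zipfile


def unsafe_entries(zip_bytes, dest="/import-staging"):
    """Return (name, reason) for entries that would land outside dest.

    dest is a hypothetical extraction directory, used only for path math;
    nothing is written to disk.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators too: some extractors do.
            name = info.filename.replace("\\", "/")
            # Leading slash or drive letter: the entry ignores dest entirely.
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                findings.append((info.filename, "absolute path"))
                continue
            # Collapse "." and ".." components, then require the result
            # to stay at or below dest.
            resolved = posixpath.normpath(posixpath.join(dest, name))
            if resolved != dest and not resolved.startswith(dest + "/"):
                findings.append((info.filename, "escapes destination"))
    return findings


def build_sample(names):
    """Build a constructed sample archive in memory from the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(zipfile.ZipInfo(n), b"{}")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed entry names: two benign, three that leave the directory.
    sample = build_sample([
        "export/entity.json",
        "a/../b.json",
        "../../outside.txt",
        "/tmp/abs.txt",
        "..\\..\\win.txt",
    ])
    for name, reason in unsafe_entries(sample):
        print(f"REJECT {name!r}: {reason}")
```

An extractor should apply the same containment test to each entry before
writing it and reject the whole archive on the first failure.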


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


