Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN091

_____________________________________________________________________

DATE                : 13/02/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Atlas versions prior to
                                         2.4.0.

=====================================================================
https://lists.apache.org/thread/wp4x99025xj4g40ktw7cw76fsblh2bkt
_____________________________________________________________________

CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS
and potentially impersonate another user

Severity: important

Affected versions:

- Apache Atlas 2.0.0 through 2.3.0


Description:

An authenticated user can perform XSS and potentially impersonate
another user.

This issue affects Apache Atlas versions 2.3.0 and earlier.

Users are recommended to upgrade to version 2.4.0, which fixes the
issue.


Credit:

basavaraj@seciqtech.com (finder)


References:

https://atlas.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-46910


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================