Fixed in Atlas 0.8

-------------------------------------------------------------------------------------------------------
CVE-2016-8752: Atlas web server allows user to browse webapp directory
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: Apache Atlas 0.6.0, 0.7.0 and 0.7.1
Users affected: All users of Apache Atlas server
Description: The Atlas web server served directory listings of the webapp directory: requesting a directory URI such as /js or /img returned the list of files it contains, disclosing the deployed file layout to any Atlas user
Fix detail: Atlas was updated to disable directory listing for the webapp directory
Mitigation: Users should upgrade to Apache Atlas 0.8-incubating or a later version
-------------------------------------------------------------------------------------------------------


Fixed in Atlas 0.7.1

-------------------------------------------------------------------------------------------------------
CVE-2017-3150: Use of insecure cookies
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: Apache Atlas 0.6.0 and 0.7.0
Users affected: All users of Apache Atlas server
Description: Atlas set its cookies without the HttpOnly flag, leaving them readable by client-side script (for example by an XSS payload running in the UI)
Fix detail: Atlas was updated to set the HttpOnly flag on its cookies, making them unavailable to client-side scripts
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or a later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3151: Persistent XSS vulnerability
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: Apache Atlas 0.6.0 and 0.7.0
Users affected: All users of Apache Atlas server
Description: Atlas was found vulnerable to stored (persistent) cross-site scripting in the edit-tag functionality: script supplied in tag data was saved and later rendered to other users without encoding
Fix detail: Atlas was updated to sanitize the user-supplied input
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or a later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3152: DOM-based XSS vulnerability
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: Apache Atlas 0.6.0 and 0.7.0
Users affected: All users of Apache Atlas server
Description: Atlas was found vulnerable to DOM-based XSS in the edit-tag functionality, where client-side code wrote query parameter values into the page without sanitizing them
Fix detail: Atlas was updated to sanitize the query parameters before using them in the DOM
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or a later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3153: Reflected XSS vulnerability
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: Apache Atlas 0.6.0 and 0.7.0
Users affected: All users of Apache Atlas server
Description: Atlas was found vulnerable to reflected XSS in the search functionality: query parameter values were echoed into the response without encoding, so a crafted search link could run script in the victim's browser
Fix detail: Atlas was updated to sanitize the query parameters
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3154: Stack trace in error response
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: Apache Atlas 0.6.0 and 0.7.0
Users affected: All users of Apache Atlas server
Description: Error responses from the Atlas server included the Java stack trace, disclosing internal class names and code paths to the client
Fix detail: Atlas was updated to omit stack traces from error responses
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or a later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3155: Cross-frame scripting (XFS) vulnerability
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: Apache Atlas 0.6.0 and 0.7.0
Users affected: All users of Apache Atlas server
Description: Atlas pages could be embedded in a frame on an attacker-controlled site (cross-frame scripting), which enables clickjacking of the Atlas UI
Fix detail: Atlas was updated to send response headers, such as X-Frame-Options, that prevent its pages from being framed
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or a later version
-------------------------------------------------------------------------------------------------------
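As an added example (not code from the Atlas project or from this advisory page), the following Python script runs offline checks for the response-level classes of weakness listed above: directory listing (CVE-2016-8752), cookies without HttpOnly (CVE-2017-3150), stack traces in error bodies (CVE-2017-3154), missing anti-framing headers (CVE-2017-3155), and unencoded reflection of a search parameter (CVE-2017-3153). It inspects already-captured responses rather than contacting a server, so it can be pointed at saved output from any Atlas version; the sample responses, the cookie name ATLASSESSIONID, the class names and line numbers in the sample trace, and the Jetty-style listing markup are all constructed assumptions for this example.

```python
"""Offline checks for the response-level weaknesses in the advisories above.

Every function inspects an already-captured HTTP response (status, header list,
body) so nothing here talks to a live Atlas server. The sample responses at the
bottom, the cookie name ATLASSESSIONID and the listing markup are constructed
assumptions for this example, not real Atlas traffic.
"""
import re
from http.cookies import SimpleCookie

# Jetty-style directory listing: title and heading read "Directory: /js/" (assumed format).
_DIR_LISTING = re.compile(r"<title>\s*Directory:\s*/", re.IGNORECASE)
# One Java stack frame, e.g. "\tat org.apache.atlas.web.Foo.bar(Foo.java:42)".
_STACK_FRAME = re.compile(r"^\s*at [\w$.]+\([^)]*\)", re.MULTILINE)


def lists_directory(status, body):
    """CVE-2016-8752 class: a directory URI such as /js or /img returned a file listing."""
    return status == 200 and _DIR_LISTING.search(body) is not None


def cookies_without_httponly(headers):
    """CVE-2017-3150 class: names of cookies set without HttpOnly (readable by script)."""
    missing = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        # Morsel stores the flag as True when present and "" when absent.
        missing.extend(c for c, morsel in jar.items() if not morsel["httponly"])
    return missing


def leaks_stack_trace(body):
    """CVE-2017-3154 class: the body carries Java stack frames."""
    return bool(_STACK_FRAME.search(body))


def frame_protection(headers):
    """CVE-2017-3155 class: return the header that forbids framing, or None if framable."""
    for name, value in headers:
        lname = name.lower()
        if lname == "x-frame-options" and value.strip().upper() in ("DENY", "SAMEORIGIN"):
            return f"{name}: {value}"
        if lname == "content-security-policy" and "frame-ancestors" in value.lower():
            return f"{name}: {value}"
    return None


def reflects_unescaped(probe, body):
    """CVE-2017-3153 class: a probe sent in a query parameter comes back byte-for-byte,
    i.e. its '<' and '>' were not HTML-encoded on the way out."""
    return probe in body


def audit(response):
    """Run every header/body check over one captured response."""
    status, headers, body = response["status"], response["headers"], response["body"]
    return {
        "directory_listing": lists_directory(status, body),
        "cookies_missing_httponly": cookies_without_httponly(headers),
        "stack_trace": leaks_stack_trace(body),
        "framable": frame_protection(headers) is None,
    }


# --- constructed samples (not real Atlas traffic) ----------------------------
PROBE = '<img src=x onerror=alert(1)>'

# GET /js/ against a pre-0.8-style server: listing, script-readable cookie, no framing header.
LISTING_RESPONSE = {
    "status": 200,
    "headers": [("Content-Type", "text/html"),
                ("Set-Cookie", "ATLASSESSIONID=abc123; Path=/")],
    "body": "<HTML><HEAD><TITLE>Directory: /js/</TITLE></HEAD>"
            "<BODY><H1>Directory: /js/</H1><A HREF=\"/js/main.js\">main.js</A></BODY></HTML>",
}

# A 500 from a pre-0.7.1-style server with the stack trace in the body.
ERROR_RESPONSE = {
    "status": 500,
    "headers": [("Content-Type", "text/html")],
    "body": "HTTP ERROR 500\n\njava.lang.NullPointerException\n"
            "\tat org.apache.atlas.web.resources.EntityResource.getEntity(EntityResource.java:210)\n"
            "\tat org.apache.atlas.web.filters.AuditFilter.doFilter(AuditFilter.java:71)\n",
}

# A search for PROBE against a hardened server: probe encoded, cookie HttpOnly, framing denied.
HARDENED_RESPONSE = {
    "status": 200,
    "headers": [("Content-Type", "text/html"),
                ("Set-Cookie", "ATLASSESSIONID=abc123; Path=/; HttpOnly"),
                ("X-Frame-Options", "DENY")],
    "body": "<html><body>No results for &lt;img src=x onerror=alert(1)&gt;</body></html>",
}

if __name__ == "__main__":
    for label, resp in (("listing", LISTING_RESPONSE), ("error", ERROR_RESPONSE),
                        ("hardened", HARDENED_RESPONSE)):
        print(label, audit(resp))
    print("probe reflected unescaped:", reflects_unescaped(PROBE, HARDENED_RESPONSE["body"]))
```

To use it against a real deployment, capture the responses to GET /js/, to a request that triggers a server error, and to a search whose parameter contains PROBE, and feed each one to audit() or reflects_unescaped(). On an embedded Jetty server, directory listings are governed by the DefaultServlet dirAllowed init parameter, so a positive lists_directory() result on a patched version points at that setting having been re-enabled by local configuration.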