CVE-2022-34271

HIGH8.8EPSS 0.22%

Apache Atlas: zip path traversal in import functionality

Published: 12/14/2022Modified: 11/8/2023

Description

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.

Affected packages (1)

Maven/org.apache.atlas:apache-atlas>= 0.8.4, < 2.3.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-34271
PATCHhttps://github.com/apache/atlas
WEBhttps://github.com/apache/atlas/commit/3415913d252597c24c6b5d19d315375a49e64152
WEBhttps://issues.apache.org/jira/browse/ATLAS-4622
WEBhttps://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3