CVE-2016-8752

Published: Aug 29, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.

Affected (10)

Products: Apache: Atlas

Apache

1 product

Atlas

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Apache Atlas	Version 0.6.0
Apache Atlas	Version 0.6.0 rc1
Apache Atlas	Version 0.6.0 rc2
Apache Atlas	Version 0.7.0
Apache Atlas	Version 0.7.0 rc1
Apache Atlas	Version 0.7.0 rc2
Apache Atlas	Version 0.7.1
Apache Atlas	Version 0.7.1 rc1
Apache Atlas	Version 0.7.1 rc2
Apache Atlas	Version 0.7.1 rc3

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.