Summary: A critical security vulnerability (CVE-2024-46910) has been found in Apache Atlas, allowing authenticated users to execute cross-site scripting (XSS) attacks and impersonate others, threatening data integrity and governance processes. Organizations using versions 2.3.0 and earlier are urged to upgrade to version 2.4.0 immediately to mitigate these risks. The advisory highlights the potential for severe data breaches and manipulation of governance policies, emphasizing the urgency of the update.
Affected: Apache Atlas (versions 2.3.0 and earlier)
Keypoints :
- Vulnerability allows authenticated users to perform XSS attacks.
- Potential for user impersonation could undermine data governance efforts.
- Immediate upgrade to version 2.4.0 is strongly recommended to secure systems.
- Delaying the upgrade increases risk of data breaches and policy manipulation.
Source: https://securityonline.info/xss-flaw-in-apache-atlas-cve-2024-46910-puts-data-governance-at-risk/