CVE-2016-8752 Information

Description

Apache Atlas versions 0.6.0 (incubating) 0.7.0 (incubating) and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86@3Cdev.atlas.apache.org3E

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5