List: oss-security
Subject: [oss-security] [CVE-2018-11799] Apache Oozie security vulnerability
From: Gézapeti_Cseh <gezapeti () apache ! org>
Date: 2018-12-19 18:46:03
Message-ID: CAHydKRCdXAepr6pjqqXUSWhSnnRrrYKnNSQVjsX6V2JTvM1xNA () mail ! gmail ! com
CVE-2018-11799: Apache Oozie security vulnerability
Severity: 8.7 (High) (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
Vendor: The Apache Software Foundation
Versions Affected: Oozie versions earlier than 5.1.0
Description: A malicious user can construct an XML that results in workflows
running in another user's name.
Mitigation: Upgrade to Apache Oozie 5.1.0
Credit: This issue was discovered by
*Satish Subhashrao Saley at Oath / Yahoo!*
Gezapeti Cseh