List:       oss-security
Subject:    [oss-security] [CVE-2018-11799] Apache Oozie security vulnerability
From:       Gézapeti_Cseh <gezapeti () apache ! org>
Date:       2018-12-19 18:46:03
Message-ID: CAHydKRCdXAepr6pjqqXUSWhSnnRrrYKnNSQVjsX6V2JTvM1xNA () mail ! gmail ! com


CVE-2018-11799: Apache Oozie security vulnerability

Severity:  8.7 (High) (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)

Vendor: The Apache Software Foundation

Versions Affected: Oozie versions earlier than 5.1.0

Description: A malicious user can construct an XML that results in workflows
running in another user's name.

Mitigation: Upgrade to Apache Oozie 5.1.0

Credit: This issue was discovered by Satish Subhashrao Saley at Oath / Yahoo!

Gezapeti Cseh

