You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@oozie.apache.org by Gézapeti Cseh <ge...@apache.org> on 2018/12/19 18:46:03 UTC
[CVE-2018-11799] Apache Oozie security vulnerability
CVE-2018-11799: Apache Oozie security vulnerability
Severity: 8.7 (High) (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
Vendor: The Apache Software Foundation
Versions Affected: Oozie versions earlier than 5.1.0
Description: A malicious user can construct an XML that results workflows
running in other user's name.
Mitigation: Upgrade to Apache Oozie 5.1.0
Credit: This issue was discovered by
*Satish Subhashrao Saley at Oath / Yahoo!*
Gezapeti Cseh