Posted to user@oozie.apache.org by Gézapeti Cseh <ge...@apache.org> on 2018/12/19 18:46:03 UTC

[CVE-2018-11799] Apache Oozie security vulnerability

CVE-2018-11799: Apache Oozie security vulnerability

Severity: 8.7 (High) (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)

Vendor: The Apache Software Foundation

Versions Affected: Oozie versions earlier than 5.1.0

Description: A malicious user can construct an XML that results in workflows
running in another user's name.

Mitigation: Upgrade to Apache Oozie 5.1.0

Credit: This issue was discovered by Satish Subhashrao Saley at Oath / Yahoo!

Gezapeti Cseh