CVE-2017-15712

Summary

Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Oozie3.1.3-incubating to 4.3.0affected
Apache Software FoundationApache Oozie5.0.0-beta1affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References