CVE-2018-11799
N/A
N/A
Summary
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Oozie | Apache Oozie 3.1.3-incubating to 5.0.0 | affected |
Weaknesses
- Gain Privileges
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread.html/347e7a8cb86014b7ca37e49eb00b8d088203bdc0bcfb4799f8e5955a%40%3Cuser.oozie.apache.org%3E
- http://www.securityfocus.com/bid/106266
References
- https://lists.apache.org/thread.html/347e7a8cb86014b7ca37e49eb00b8d088203bdc0bcfb4799f8e5955a%40%3Cuser.oozie.apache.org%3E
- http://www.securityfocus.com/bid/106266
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.