Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35451 | 1 Apache | 1 Oozie | 2021-03-12 | 1.9 LOW | 4.7 MEDIUM |
There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation. | |||||
CVE-2018-11799 | 1 Apache | 1 Oozie | 2019-02-06 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name. | |||||
CVE-2017-15712 | 1 Apache | 1 Oozie | 2018-03-16 | 6.8 MEDIUM | 6.5 MEDIUM |
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host. |