CVE-2018-11799

MEDIUM6.5EPSS 0.24%

Moderate severity vulnerability that affects org.apache.oozie:oozie-core

Published: 12/20/2018Modified: 11/8/2023

Description

Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.

Affected packages (1)

Maven/org.apache.oozie:oozie-corefrom 0, < 5.1.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References (4)

ADVISORYhttps://github.com/advisories/GHSA-wg5w-vv93-3f7w
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-11799
WEBhttps://lists.apache.org/thread.html/347e7a8cb86014b7ca37e49eb00b8d088203bdc0bcfb4799f8e5955a@%3Cuser.oozie.apache.org%3E
WEBhttp://www.securityfocus.com/bid/106266