CVE-2018-11799 Vulnerability in maven package org.apache.oozie:oozie-core

Description

Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.

Remediation

References

http://www.securityfocus.com/bid/106266

https://lists.apache.org/thread.html/347e7a8cb86014b7ca37e49eb00b8d088203bdc0bcfb4799f8e5955a%40%3Cuser.oozie.apache.org%3E

Related Vulnerabilities

CVE-2019-5918 Vulnerability in maven package com.nablarch.framework:nablarch-core-dataformat

CVE-2020-5219 Vulnerability in npm package angular-expressions

CVE-2020-5242 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.transform.exec

CVE-2018-3818 Vulnerability in npm package kibana

CVE-2016-4469 Vulnerability in maven package org.apache.archiva:archiva-webapp

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N