CVE-2020-35451

CWE-377CWE-362Race Condition3 documents3 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 73.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache OozieApache Oozie
Timeline
PublishedMar 9
Latest updateMay 24

Description

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

NVDapache/oozie< 5.2.1
CVEListV5apache_software_foundation/apache_oozieunspecified5.2.1

🔴Vulnerability Details

2
GHSA
GHSA-9rqf-w99j-7c4r: There is a race condition in OozieSharelibCLI in Apache Oozie before version 52022-05-24
CVEList
Oozie local privilege escalation2021-03-09
CVE-2020-35451 (MEDIUM CVSS 4.7) | There is a race condition in OozieS | cvebase.io