Apache Oozie vulnerabilities
3 known vulnerabilities affecting apache/oozie.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-35451MEDIUMCVSS 4.7fixed in 5.2.12021-03-09
CVE-2020-35451 [MEDIUM] CWE-377 CVE-2020-35451: There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a ma
There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.
nvd
CVE-2018-11799MEDIUMCVSS 6.5≥ 3.1.3, < 5.1.0v3.1.32018-12-19
CVE-2018-11799 [MEDIUM] CWE-20 CVE-2018-11799: Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. Th
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.
nvd
CVE-2017-15712MEDIUMCVSS 6.5v3.1.2v3.1.3+11 more2018-02-19
CVE-2017-15712 [MEDIUM] CWE-22 CVE-2017-15712: Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose priv
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
nvd