Vulnerability Details CVE-2018-11799
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.securityfocus.com/bid/106266
- https://lists.apache.org/thread.html/347e7a8cb86014b7ca37e49eb00b8d088203bdc0bcfb4799f8e5955a%40%3Cuser.oozie.apache.org%3E
- http://www.securityfocus.com/bid/106266
- https://lists.apache.org/thread.html/347e7a8cb86014b7ca37e49eb00b8d088203bdc0bcfb4799f8e5955a%40%3Cuser.oozie.apache.org%3E
Products affected by CVE-2018-11799
-
cpe:2.3:a:apache:oozie:3.1.3
-
cpe:2.3:a:apache:oozie:3.2.0
-
cpe:2.3:a:apache:oozie:3.3.0
-
cpe:2.3:a:apache:oozie:3.3.1
-
cpe:2.3:a:apache:oozie:3.3.2
-
cpe:2.3:a:apache:oozie:4.0.0
-
cpe:2.3:a:apache:oozie:4.0.1
-
cpe:2.3:a:apache:oozie:4.1.0
-
cpe:2.3:a:apache:oozie:4.2.0
-
cpe:2.3:a:apache:oozie:4.3.0
-
cpe:2.3:a:apache:oozie:4.3.1
-
cpe:2.3:a:apache:oozie:5.0.0