User Impersonation Vulnerability in Apache Oozie
CVE-2018-11799

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Oozie
Vendor: CVE Published:; 19 December 2018

Summary

A vulnerability in Apache Oozie allows a malicious user to exploit the system by constructing specific XML inputs that enable the execution of workflows under the identity of other users. This issue arises in versions 3.1.3 through 5.0.0, leading to potential unauthorized access and actions performed within the application, compromising the security and integrity of user data.

Affected Version(s)

Apache Oozie Apache Oozie 3.1.3-incubating to 5.0.0

References

https://lists.apache.org/thread.html/347e7a8cb86014b7ca37...

x_refsource_MISC

http://www.securityfocus.com/bid/106266

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2018
Vulnerability Reserved
Jun 5, 2018