12 matches found
CVE-2023-50380
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
XML External Entity
org.apache.ambari.contrib.views:wfmanager is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper validation of user input, specifically within the Oozie Workflow Scheduler, allowing for root-level file reading and privilege escalation from low-privilege users...
GHSA-QRP9-23P7-G5MF Apache Ambari XML External Entity injection
XML External Entity injection in Apache Ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
Apache Ambari XML External Entity injection
XML External Entity injection in Apache Ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
CVE-2023-50380
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
CVE-2023-50380
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
Xxe
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
CVE-2023-50380 Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
CVE-2023-50380
CVE-2023-50380 describes an XML External Entity (XXE) injection in Apache Ambari (affecting versions ≤ 2.7.7) due to improper input validation in the Oozie Workflow Scheduler. The issue could allow reading arbitrary server files (root-level) and may enable privilege escalation from low-privilege ...
CVE-2023-50380 Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
CVE-2023-36419 Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability
...
PT-2023-6076 · Microsoft · Azure Hdinsight Apache Oozie Workflow Scheduler
Name of the Vulnerable Software and Affected Versions: Azure HDInsight Apache Oozie Workflow Scheduler affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Azure HDInsight Apache Oozie Workflow Scheduler. It is associated with...