4 matches found
CVE-2017-15712
CVE-2017-15712 affects Apache Oozie before fixes: vulnerable versions include 3.1.3-incubating up to 4.3.0 and 5.0.0-beta1. The issue allows a remote attacker to obtain private files on the Oozie server by crafting a workflow XML that references sensitive files via XML directives/configuration. T...
CVE-2018-11799
CVE-2018-11799 affects Apache Oozie 3.1.3-incubating through 5.0.0. A malicious user can craft an XML payload that results in workflows running under another user’s name, enabling impersonation. The provided connected documents confirm the vulnerable product/version and the impersonation impact; ...
CVE-2025-26796
CVE-2025-26796 concerns Apache Oozie, stating a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The vulnerability affects Apache Oozie across all versions and, per the sources, the project is retired with no planned patch; users are ...
CVE-2020-35451
CVE-2020-35451 affects Apache Oozie (OozieSharelibCLI component). A race condition during the creation of Oozie sharelib in versions prior to 5.2.1 allows a malicious attacker to replace files in Oozie’s sharelib while it is being created. The core issue is concurrent access to shared resources w...