Lucene search
K
ApacheOozie

4 matches found

CVE
CVE
added 2018/02/19 2:0 p.m.73 views

CVE-2017-15712

CVE-2017-15712 affects Apache Oozie before fixes: vulnerable versions include 3.1.3-incubating up to 4.3.0 and 5.0.0-beta1. The issue allows a remote attacker to obtain private files on the Oozie server by crafting a workflow XML that references sensitive files via XML directives/configuration. T...

6.8CVSS6.3AI score0.02543EPSS
CVE
CVE
added 2018/12/19 8:0 p.m.72 views

CVE-2018-11799

CVE-2018-11799 affects Apache Oozie 3.1.3-incubating through 5.0.0. A malicious user can craft an XML payload that results in workflows running under another user’s name, enabling impersonation. The provided connected documents confirm the vulnerable product/version and the impersonation impact; ...

6.5CVSS6.3AI score0.01484EPSS
CVE
CVE
added 2025/03/22 12:23 p.m.68 views

CVE-2025-26796

CVE-2025-26796 concerns Apache Oozie, stating a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The vulnerability affects Apache Oozie across all versions and, per the sources, the project is retired with no planned patch; users are ...

5.4CVSS6.9AI score0.00466EPSS
CVE
CVE
added 2021/03/09 3:20 p.m.45 views

CVE-2020-35451

CVE-2020-35451 affects Apache Oozie (OozieSharelibCLI component). A race condition during the creation of Oozie sharelib in versions prior to 5.2.1 allows a malicious attacker to replace files in Oozie’s sharelib while it is being created. The core issue is concurrent access to shared resources w...

4.7CVSS4.7AI score0.00434EPSS