Описание
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:oozie:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.2.0:incubating:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.3.0:rc0:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.3.1:rc0:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:3.3.2:rc0:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.0.0:rc0:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.0.1:rc0:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.1.0:rc0:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.2.0:rc0:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.3.0:rc0:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:4.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:oozie:5.0.0:beta1:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00659
Низкий
6.5 Medium
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
EPSS
Процентиль: 71%
0.00659
Низкий
6.5 Medium
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-22