Back to search
CVE-2017-15712
Published: Feb 19, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Oozie | affected 3.1.3-incubating to 4.3.0affected 5.0.0-beta1 |
References
103102
vdb-entry
x_refsource_BID
[dev] 20180215 [CVE-2017-15712] Apache Oozie Server vulnerability
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now