Path Traversal in Apache Oozie
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Package
Affected versions
>= 3.1.3, < 5.0.0
Patched versions
5.0.0
Description
Published by the National Vulnerability Database
Feb 19, 2018
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Nov 1, 2022
Last updated
Jan 30, 2023
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
References