Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-15712

Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.

Published

2018-02-19T14:29:00.207

Last Modified

2024-11-21T03:15:03.943

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-22
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache oozie 3.1.2 Yes
Application apache oozie 3.1.3 Yes
Application apache oozie 3.2 Yes
Application apache oozie 3.2.0 Yes
Application apache oozie 3.2.0 Yes
Application apache oozie 3.3.0 Yes
Application apache oozie 3.3.0 Yes
Application apache oozie 3.3.0 Yes
Application apache oozie 3.3.1 Yes
Application apache oozie 3.3.1 Yes
Application apache oozie 3.3.1 Yes
Application apache oozie 3.3.2 Yes
Application apache oozie 3.3.2 Yes
Application apache oozie 4.0.0 Yes
Application apache oozie 4.0.0 Yes
Application apache oozie 4.0.0 Yes
Application apache oozie 4.0.0 Yes
Application apache oozie 4.0.1 Yes
Application apache oozie 4.0.1 Yes
Application apache oozie 4.0.1 Yes
Application apache oozie 4.1.0 Yes
Application apache oozie 4.1.0 Yes
Application apache oozie 4.1.0 Yes
Application apache oozie 4.2.0 Yes
Application apache oozie 4.2.0 Yes
Application apache oozie 4.3.0 Yes
Application apache oozie 4.3.0 Yes
Application apache oozie 4.3.0 Yes
Application apache oozie 5.0.0 Yes
References