CVE-2017-15712

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-15712
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15712.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15712
Aliases
Published
2018-02-19T14:29:00Z
Modified
2024-09-03T01:45:09.706649Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.

References

Affected packages

Git / github.com/apache/oozie

Affected ranges

Type
GIT
Repo
https://github.com/apache/oozie
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
05fbfd1f50f34b589dac6c8c2b4b485ec95957b3
Last affected
0edf8f61d306137760589b81975cd7b42d116b84
Last affected
2511fcb8816c7122d679c3534ffbf77c77d9e514
Last affected
2f80d42d46b3ccaba3262129c4a6cf4b3d6a66d4
Last affected
40c1f1d4affeebed60d5aa4de64231846e181fc4
Last affected
4221dcfdb0d084c2e57c8216fc6145349b29aaa5
Last affected
46402ac45577fcbe946ab8805ce471f83d1479dd
Last affected
473da7ae75f6a0a64b750582b97ed7453c3a2715
Last affected
4b757158c68e4bb14dfeba5f6405bdaacaf9087f
Last affected
4e91758fa198c5245acb29bfaad66d826cfcd09c
Last affected
538fcf1803264c9fbbae1a5ce8d278fad6ec24a8
Last affected
5979f85215c264e087d9cc535229e088ef25f211
Last affected
759af5bfd63fca6446107cc31244f815ee49d2dd
Last affected
7e302d26f8d4e4a49958b48e4849ce85c528548a
Last affected
8d58cf766732e2431afc1b0f8871afdd1ee054dd
Last affected
9e75bfb6fd17a7ef573737adada9619e19c19cea
Last affected
ac6c4fc07511594f41319bd3e549d5a256be01fe
Last affected
ae47150f00832a40a79680bb189bb9b5a9ed7423
Last affected
ca0f969098ff6a49c8ae852fca7358ddebf9b5ae
Last affected
cf0214ffab0809f1186118f1b022c6d9717b342b
Last affected
fababc4f65042beef88910d13bf5dec88910e4a0
Last affected
fbd2e7ab5556d9f99debce45a0f48bc522657bc5
Last affected
fdaf66a99d60244ee2daf21da3b552543a5c8553
Last affected
fe8d85a4f0467f3ad7e8d7fc8ab4ebd89fa5fe3f

Affected versions

release-4.*

release-4.0.1-rc0
release-4.1.0
release-4.1.0-rc0
release-4.1.0-rc1
release-4.2.0
release-4.2.0-rc0
release-4.3.0-rc0

release-5.*

release-5.0.0-beta1
release-5.0.0-beta1-rc0
release-5.0.0-beta1-rc1
release-5.0.0-beta1-rc2