oss-sec mailing list archives
CVE-2021-36151: Apache Gobblin: Local Credentials Disclosure Vulnerability
From: Abhishek Tiwari <abti () apache org>
Date: Thu, 03 Feb 2022 18:21:00 +0000
Description: In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. Credit: Apache Gobblin would like to thank Jonathan Leitschuh for reporting this issue.
Current thread:
- CVE-2021-36151: Apache Gobblin: Local Credentials Disclosure Vulnerability Abhishek Tiwari (Feb 03)