oss-sec mailing list archives
CVE-2020-35451: Oozie local privilege escalation
From: Gézapeti Cseh <gezapeti () apache org>
Date: Tue, 9 Mar 2021 16:02:23 +0100
Description: There is a race condition in OozieSharelibCLI which allows a malicious attacker to replace the files in Oozie's sharelib during its creation. A race condition in OozieSharelibCLI allows an attacker to replace the contents of the sharelib. This issue affects Apache Oozie versions prior to 5.2.1.

Mitigation: Validate the contents of the sharelib after uploading.

Credit: The Apache Oozie PMC would like to thank Jonathan Leitschuh for reporting the issue.