Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 9 Mar 2021 16:02:23 +0100
From: G├ęzapeti Cseh <gezapeti@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2020-35451: Oozie local privilege escalation

Description:

There is a race condition in OozieSharelibCLI which allows a malicious
attacker to replace the files in Oozie's sharelib during it's
creation.

A race condition in OozieSharelibCLI allows an attacker to replace the
contents of the sharelib.  This issue affects Apache Oozie versions
prior to 5.2.1.

Mitigation:

Validate the contents of the sharelib after uploading.

Credit:

The Apache Oozie PMC would like to thank Jonathan Leitschuh for
reporting the issue

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.