Date: Tue, 9 Mar 2021 16:02:23 +0100 From: Gézapeti Cseh <gezapeti@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2020-35451: Oozie local privilege escalation Description: There is a race condition in OozieSharelibCLI which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation. A race condition in OozieSharelibCLI allows an attacker to replace the contents of the sharelib. This issue affects Apache Oozie versions prior to 5.2.1. Mitigation: Validate the contents of the sharelib after uploading. Credit: The Apache Oozie PMC would like to thank Jonathan Leitschuh for reporting the issue
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.