CVE-2017-15712 - Vulnerability Details

Vendors	Products
Apache	Oozie

Link	Providers
http://www.securityfocus.com/bid/103102
https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Apache Oozie", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "3.1.3-incubating to 4.3.0"}, {"status": "affected", "version": "5.0.0-beta1"}]}], "datePublic": "2018-02-15T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-22T10:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "103102", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103102"}, {"name": "[dev] 20180215 [CVE-2017-15712] Apache Oozie Server vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-02-15T00:00:00", "ID": "CVE-2017-15712", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Oozie", "version": {"version_data": [{"version_value": "3.1.3-incubating to 4.3.0"}, {"version_value": "5.0.0-beta1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "103102", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103102"}, {"name": "[dev] 20180215 [CVE-2017-15712] Apache Oozie Server vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216@%3Cdev.oozie.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:04:49.266Z"}, "title": "CVE Program Container", "references": [{"name": "103102", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103102"}, {"name": "[dev] 20180215 [CVE-2017-15712] Apache Oozie Server vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-15712", "datePublished": "2018-02-19T14:00:00Z", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-09-17T01:46:21.738Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Apache Oozie (string)

vendor : Apache Software Foundation (string)

versions : [ »

0 : { »

status : affected (string)

version : 3.1.3-incubating to 4.3.0 (string)

}

1 : { »

status : affected (string)

version : 5.0.0-beta1 (string)

}

]

}

]

datePublic : 2018-02-15T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information Disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-02-22T10:57:01 (string)

orgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

shortName : apache (string)

}

references : [ »

0 : { »

name : 103102 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/103102 (string)

}

1 : { »

name : [dev] 20180215 [CVE-2017-15712] Apache Oozie Server vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@apache.org (string)

DATE_PUBLIC : 2018-02-15T00:00:00 (string)

ID : CVE-2017-15712 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Apache Oozie (string)

version : { »

version_data : [ »

0 : { »

version_value : 3.1.3-incubating to 4.3.0 (string)

}

1 : { »

version_value : 5.0.0-beta1 (string)

}

]

}

]

}

vendor_name : Apache Software Foundation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information Disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 103102 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/103102 (string)

}

1 : { »

name : [dev] 20180215 [CVE-2017-15712] Apache Oozie Server vulnerability (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216@%3Cdev.oozie.apache.org%3E (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T20:04:49.266Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 103102 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/103102 (string)

}

1 : { »

name : [dev] 20180215 [CVE-2017-15712] Apache Oozie Server vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

assignerShortName : apache (string)

cveId : CVE-2017-15712 (string)

datePublished : 2018-02-19T14:00:00Z (string)

dateReserved : 2017-10-21T00:00:00 (string)

dateUpdated : 2024-09-17T01:46:21.738Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:oozie:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E27E277-5C05-4A7F-8F3A-705A69CC64C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "553025E8-0C63-4884-AF2B-DE273495FEE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3FDD671D-4BB7-4E34-9FA3-9CBC5D8C72E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "61DE1BFA-1092-451C-8298-2B18E504C0F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.2.0:incubating:*:*:*:*:*:*", "matchCriteriaId": "2E3F39F1-D6A4-4A3D-A599-BDA44C35F325", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5A75F-E3D6-4473-ACC9-A395784E9257", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.3.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "54AA2C05-D12A-40B2-9057-678DE35A26D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7EF67B4-BAFB-487D-972C-258213C6A400", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D645772-64AA-4D4D-9206-A858592E053D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.3.1:rc0:*:*:*:*:*:*", "matchCriteriaId": "34085D87-5EE4-478D-8A6B-97E05F965AFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "5682A48E-976D-4F0D-BA4C-63B42788500F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B0D2683-519E-4833-9A68-0EA11DF93829", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:3.3.2:rc0:*:*:*:*:*:*", "matchCriteriaId": "4AA8E7A5-530A-4EEE-8613-ECD01CCFA0B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6A0A49A-A1B4-4FEB-94E3-762E40A816E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.0.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "92AFFD7F-3B8F-4A06-9EF9-C1BFC6D97519", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "160E96D4-289C-4021-B1D7-2EA9001150A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "8DEC1364-33EE-41EB-8692-9039BA7D7969", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A24D04C-CE3C-49FF-B340-D204CFF458E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.0.1:rc0:*:*:*:*:*:*", "matchCriteriaId": "7EC90787-032C-48CC-BCAF-F1D0123B73B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "963D7266-7665-4849-867F-4DDEC8166813", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE25673C-5D56-42CF-8611-E6189B6A7FD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "6343A815-8D76-458C-BB3E-2B095543DA2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6E2BC58D-1695-453B-809C-EAC92D2BDD24", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "30F5CE52-B0A6-433E-B8C0-346A9E16FC7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.2.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "CF297DCD-64F6-4035-9998-010CEE6E59F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD866B64-C655-4FEA-B1DA-012A0AE5397F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.3.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "39A5D900-5625-4653-BC46-B42E2BF97D86", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:4.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0C14F101-7DBA-4872-A055-45B0D6DE2F1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:oozie:5.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3C5FADBD-3A42-4BA4-A48E-3AB3AF941C48", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host."}, {"lang": "es", "value": "Vulnerabilidad permite que un usuario de Apache Oozie desde la versi\u00f3n 3.1.3-incubating hasta la 4.3.0 y 5.0.0-beta1 exponga archivos privados en el proceso del servidor Oozie. Este usuario malicioso puede construir un archivo XML de flujo de trabajo que contenga directivas XML y configuraci\u00f3n que haga referencia a archivos sensibles en el host del servidor del Oozie."}], "id": "CVE-2017-15712", "lastModified": "2024-11-21T03:15:03.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-19T14:29:00.207", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103102"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:oozie:3.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 8E27E277-5C05-4A7F-8F3A-705A69CC64C1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:oozie:3.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 553025E8-0C63-4884-AF2B-DE273495FEE6 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:oozie:3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 3FDD671D-4BB7-4E34-9FA3-9CBC5D8C72E4 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:oozie:3.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 61DE1BFA-1092-451C-8298-2B18E504C0F5 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:oozie:3.2.0:incubating:*:*:*:*:*:* (string)

matchCriteriaId : 2E3F39F1-D6A4-4A3D-A599-BDA44C35F325 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache:oozie:3.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3FB5A75F-E3D6-4473-ACC9-A395784E9257 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apache:oozie:3.3.0:rc0:*:*:*:*:*:* (string)

matchCriteriaId : 54AA2C05-D12A-40B2-9057-678DE35A26D0 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apache:oozie:3.3.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : E7EF67B4-BAFB-487D-972C-258213C6A400 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:apache:oozie:3.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1D645772-64AA-4D4D-9206-A858592E053D (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:apache:oozie:3.3.1:rc0:*:*:*:*:*:* (string)

matchCriteriaId : 34085D87-5EE4-478D-8A6B-97E05F965AFF (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:apache:oozie:3.3.1:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 5682A48E-976D-4F0D-BA4C-63B42788500F (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:apache:oozie:3.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B0D2683-519E-4833-9A68-0EA11DF93829 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:apache:oozie:3.3.2:rc0:*:*:*:*:*:* (string)

matchCriteriaId : 4AA8E7A5-530A-4EEE-8613-ECD01CCFA0B8 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:apache:oozie:4.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D6A0A49A-A1B4-4FEB-94E3-762E40A816E0 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:apache:oozie:4.0.0:rc0:*:*:*:*:*:* (string)

matchCriteriaId : 92AFFD7F-3B8F-4A06-9EF9-C1BFC6D97519 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:apache:oozie:4.0.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 160E96D4-289C-4021-B1D7-2EA9001150A1 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:apache:oozie:4.0.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 8DEC1364-33EE-41EB-8692-9039BA7D7969 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:apache:oozie:4.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3A24D04C-CE3C-49FF-B340-D204CFF458E9 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:apache:oozie:4.0.1:rc0:*:*:*:*:*:* (string)

matchCriteriaId : 7EC90787-032C-48CC-BCAF-F1D0123B73B5 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:apache:oozie:4.0.1:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 963D7266-7665-4849-867F-4DDEC8166813 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:apache:oozie:4.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : CE25673C-5D56-42CF-8611-E6189B6A7FD4 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:apache:oozie:4.1.0:rc0:*:*:*:*:*:* (string)

matchCriteriaId : 6343A815-8D76-458C-BB3E-2B095543DA2F (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:apache:oozie:4.1.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 6E2BC58D-1695-453B-809C-EAC92D2BDD24 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:apache:oozie:4.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 30F5CE52-B0A6-433E-B8C0-346A9E16FC7F (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:apache:oozie:4.2.0:rc0:*:*:*:*:*:* (string)

matchCriteriaId : CF297DCD-64F6-4035-9998-010CEE6E59F3 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:apache:oozie:4.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DD866B64-C655-4FEA-B1DA-012A0AE5397F (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:apache:oozie:4.3.0:rc0:*:*:*:*:*:* (string)

matchCriteriaId : 39A5D900-5625-4653-BC46-B42E2BF97D86 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:apache:oozie:4.3.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 0C14F101-7DBA-4872-A055-45B0D6DE2F1D (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:apache:oozie:5.0.0:beta1:*:*:*:*:*:* (string)

matchCriteriaId : 3C5FADBD-3A42-4BA4-A48E-3AB3AF941C48 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad permite que un usuario de Apache Oozie desde la versión 3.1.3-incubating hasta la 4.3.0 y 5.0.0-beta1 exponga archivos privados en el proceso del servidor Oozie. Este usuario malicioso puede construir un archivo XML de flujo de trabajo que contenga directivas XML y configuración que haga referencia a archivos sensibles en el host del servidor del Oozie. (string)

}

]

id : CVE-2017-15712 (string)

lastModified : 2024-11-21T03:15:03.943 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 6.8 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:C/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-02-19T14:29:00.207 (string)

references : [ »

0 : { »

source : security@apache.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/103102 (string)

}

1 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/103102 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E (string)

}

]

sourceIdentifier : security@apache.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object