This vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. A malicious user can construct an XML document that results in workflows running in another user's name.
[
{
"id": "CVE-2018-11799-02802386",
"target": {
"function": "writeScript",
"file": "core/src/test/java/org/apache/oozie/action/hadoop/TestShellContentWriter.java"
},
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 302.0,
"function_hash": "160194018468072020635403387757425004881"
},
"deprecated": false,
"source": "https://github.com/apache/oozie/commit/352b76ebc9f5c3f548275214f1a29078622ab830"
},
{
"id": "CVE-2018-11799-5bac1dbb",
"target": {
"function": "print",
"file": "sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/ShellContentWriter.java"
},
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 910.0,
"function_hash": "168159148419434136421736128982621231734"
},
"deprecated": false,
"source": "https://github.com/apache/oozie/commit/352b76ebc9f5c3f548275214f1a29078622ab830"
},
{
"id": "CVE-2018-11799-64ef7fed",
"target": {
"function": "testMissingFile",
"file": "core/src/test/java/org/apache/oozie/action/hadoop/TestShellContentWriter.java"
},
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 244.0,
"function_hash": "264970747429871551663195328184138576444"
},
"deprecated": false,
"source": "https://github.com/apache/oozie/commit/352b76ebc9f5c3f548275214f1a29078622ab830"
},
{
"id": "CVE-2018-11799-abbe06b3",
"target": {
"file": "sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/ShellContentWriter.java"
},
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"233246631065754539357421312588662251221",
"295776024517750380090261865488681407365",
"121819447314944507662208143820503064790",
"285572287153155005233481418733062534817",
"339882242034407000816010290823637190034",
"81546773024659273036053770065409482347",
"219824660516711567392605864520538268804",
"98145750593739261586556647153234746200",
"311910325282607174476351137980074695995",
"172651663341236152387988707400589771309",
"111095968980427487803250738284626427347",
"251002249673703171680416722390289030638",
"322546647638909165221269474226972646083",
"32461531651547481647097425522581667031",
"231685329752114104016313375756587344763",
"163687871603659082352807640796016531980"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://github.com/apache/oozie/commit/352b76ebc9f5c3f548275214f1a29078622ab830"
},
{
"id": "CVE-2018-11799-f2c973bc",
"target": {
"file": "core/src/test/java/org/apache/oozie/action/hadoop/TestShellContentWriter.java"
},
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"325683535220765380623283808865366175738",
"66879726538751252127556043308924606450",
"151019593348407694783823277815940564864",
"309548290027564469889926410849180966533",
"269274197580082869728296277736494913415",
"54868532243595256360010527147784197970",
"84847430953750215999702358987251061699",
"12266625577712117940631813298745423004",
"197696845149513557048264785260584648519",
"199767383247030216428768509475147890840",
"178208865892233296082273662609781839066",
"28850267855991754428824947421678206287",
"252254792962867012099763021370565955881",
"270871632772676675570736611076465255434",
"227832253040215488018985448982172058458"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://github.com/apache/oozie/commit/352b76ebc9f5c3f548275214f1a29078622ab830"
}
]