CVE-2020-35451

CVE-2020-35451: Oozie local privilege escalation

Vendor Apache Software Foundation
Product Apache Oozie
Weakness CWE-377
Published March 9, 2021
Last update February 13, 2025

CVSS base score

What the vulnerability does

01Description

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.

Key dates

02Disclosure timeline

March 9, 2021 CVE published
February 13, 2025 Record updated