org.apache.ambari.contrib.views:wfmanager is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper validation of user input, specifically within the Oozie Workflow Scheduler, allowing for root-level file reading and privilege escalation from low-privilege users.
CPE | Name | Operator | Version |
---|---|---|---|
ambari contrib wfmanager | eq | 2.7.3.2.19 | |
ambari contrib wfmanager | eq | 2.7.3.2.19 |