Sorry, sent that one too soon. Example: http://cxf.apache.org/security-advisories
Colm.

On Mon, May 29, 2017 at 10:42 AM, Colm O hEigeartaigh <[email protected]> wrote:

> Hi Larry,
>
> We should get the CVEs uploaded to the website as well (apologies if it's
> already done + I missed it). For example:
>
>
> On Fri, May 26, 2017 at 7:26 PM, larry mccay <[email protected]> wrote:
>
>> CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS
>>
>> Severity: Important
>>
>> Vendor:
>> The Apache Software Foundation
>>
>> Versions Affected:
>> All versions of Apache Knox prior to 0.12.0
>>
>> An authenticated user may use a specially crafted URL to impersonate another
>> user while accessing WebHDFS through Apache Knox. This may result in escalated
>> privileges and unauthorized data access. While this activity is audit logged
>> and can be easily associated with the authenticated user, this is still a
>> serious security issue.
>>
>> Mitigation:
>> All users are recommended to upgrade to Apache Knox 0.12.0,
>> where validation, scrubbing and logging of such attempts has been added.
>>
>> The Apache Knox 0.12.0 release can be downloaded from:
>> Source: http://www.apache.org/dyn/closer.cgi/knox/0.12.0/knox-0.12.0-src.zip
>> Binary: http://www.apache.org/dyn/closer.cgi/knox/0.12.0/knox-0.12.0.zip
>>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
