Yes, Colm - I was thinking the same thing.
Need to add a separate page for this.
Thanks,

--larry

On Mon, May 29, 2017 at 5:43 AM, Colm O hEigeartaigh <[email protected]>
wrote:

> Sorry, sent that one too soon. Example:
>
> http://cxf.apache.org/security-advisories
>
> Colm.
>
> On Mon, May 29, 2017 at 10:42 AM, Colm O hEigeartaigh <[email protected]>
> wrote:
>
> > Hi Larry,
> >
> > We should get the CVEs uploaded to the website as well (apologies if it's
> > already done + I missed it). For example:
> >
> >
> > On Fri, May 26, 2017 at 7:26 PM, larry mccay <[email protected]> wrote:
> >
> >> CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS
> >>
> >> Severity: Important
> >>
> >> Vendor:
> >> The Apache Software Foundation
> >>
> >> Versions Affected:
> >>     All versions of Apache Knox prior to 0.12.0
> >>
> >> An authenticated user may use a specially crafted URL to impersonate another
> >> user while accessing WebHDFS through Apache Knox. This may result in escalated
> >> privileges and unauthorized data access. While this activity is audit logged
> >> and can be easily associated with the authenticated user, this is still a
> >> serious security issue.
> >>
> >> Mitigation:
> >>   All users are recommended to upgrade to Apache Knox 0.12.0,
> >>   where validation, scrubbing and logging of such attempts has been added.
> >>
> >> The Apache Knox 0.12.0 release can be downloaded from:
> >> Source: http://www.apache.org/dyn/closer.cgi/knox/0.12.0/knox-0.12.0-src.zip
> >> Binary: http://www.apache.org/dyn/closer.cgi/knox/0.12.0/knox-0.12.0.zip
> >>
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

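The mitigation the advisory describes (validate, scrub and log impersonation attempts carried in the proxied URL), as an added example that is not Apache Knox's own code. The advisory does not say which URL element carries the impersonated identity, so this example assumes it is the standard WebHDFS `user.name` and `doas` query parameters and shows a gateway-side rewrite in Python that forces the upstream identity to the authenticated principal, keeps `doas` only for users on an explicit proxy allowlist, and emits one audit event per dropped parameter so the attempt stays attributable to the caller. The gateway URLs, user names and allowlist are constructed for the demonstration.

```python
"""Gateway-side scrubbing of identity parameters on a proxied WebHDFS URL.

Added example: not Knox code. Assumes the identity-bearing parameters are
WebHDFS's user.name (effective user) and doas (proxy-user target).
"""
import logging
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

log = logging.getLogger("gateway.audit")

# WebHDFS matches parameter names case-insensitively, so compare lowercased
# names; otherwise "User.Name=alice" would slip past a case-sensitive check.
IDENTITY_PARAMS = frozenset({"user.name", "doas"})


def scrub_webhdfs_url(url, authenticated_user, proxy_allowlist=None):
    """Rewrite url so the identity sent upstream is always authenticated_user.

    proxy_allowlist maps an authenticated user to the set of users it may act
    for via doas (constructed policy, assumed for the example).
    Returns (rewritten_url, audit_events); every dropped identity parameter
    produces one event so the attempt can be logged against the real caller.
    """
    proxy_allowlist = proxy_allowlist or {}
    parts = urlsplit(url)
    events = []
    kept = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = name.lower()
        if key not in IDENTITY_PARAMS:
            kept.append((name, value))
            continue
        if key == "doas" and value in proxy_allowlist.get(authenticated_user, ()):
            kept.append((name, value))  # explicitly authorised proxying
            continue
        if key == "user.name" and value == authenticated_user:
            continue  # benign: re-added canonically below, no event needed
        events.append({"user": authenticated_user, "param": name,
                       "value": value, "action": "dropped"})
        log.warning("user %s supplied identity parameter %s=%s; dropped",
                    authenticated_user, name, value)
    # The effective user sent upstream is always the authenticated principal.
    kept.append(("user.name", authenticated_user))
    rewritten = urlunsplit((parts.scheme, parts.netloc, parts.path,
                            urlencode(kept), parts.fragment))
    return rewritten, events


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed request: bob, authenticated at the gateway, asks for alice's
    # listing while naming alice as the effective user.
    url = ("http://gw.example/gateway/default/webhdfs/v1/user/alice"
           "?op=LISTSTATUS&user.name=alice")
    new_url, audit = scrub_webhdfs_url(url, "bob")
    print(new_url)
    print(audit)
```

Rejecting the request with a 403 instead of rewriting it is an equally valid policy; the essential points are that the identity parameter is never forwarded as the caller supplied it, that the comparison is case-insensitive, and that each attempt is logged against the authenticated user rather than the impersonated one.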