Apache · Apache Oozie · CVE-2018-11799
**Name of the Vulnerable Software and Affected Versions**
Apache Oozie versions 3.1.3-incubating through 5.0.0
**Description**
The issue allows a malicious user to impersonate other users by constructing a specific XML, resulting in workflows running under the impersonated user's name.
**Recommendations**
For Apache Oozie versions 3.1.3-incubating through 5.0.0, consider restricting access to workflow construction and execution to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.