PT-2020-12476 · Apache · Azkaban

N33Dle +1 · Published 2020-03-26 · Updated 2020-03-31 · CVE-2020-10992

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Azkaban versions prior to 3.84.1

Description
The issue allows XXE (XML External Entity) attacks and is related to the XmlValidatorManager.java and XmlUserManager.java files in the validator and user directories, respectively. This can potentially lead to unauthorized access to sensitive data.

Recommendations
For versions prior to 3.84.1, update to version 3.84.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the XmlValidatorManager and XmlUserManager classes until a patch is available. Avoid using external XML entities in the affected modules to minimize the risk of exploitation.

Exploit

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2020-10992

Affected Products

Azkaban