PT-2021-17030 · Apache · Livy
Andras Beni · Published 2021-02-20 · Updated 2021-05-13 · CVE-2021-26544
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Livy version 0.7.0-incubating
Description
The issue is a cross-site scripting flaw in the session name, allowing a malicious user to access logs and results of other users' sessions and run jobs with their privileges.
Recommendations
For Livy version 0.7.0-incubating, update to Livy 0.7.1-incubating to resolve the issue.
Fix
XSS
Affected Products
Livy