Security Advisory

CVE-2021-26544

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-20 09:00:15

Last updated 2025-02-13 16:27:53

Assigner apache

State PUBLISHED

Description

Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.

← Browse all CVEs View on cve.org ↗