Apache Gobblin security advisories
Security information for Apache Gobblin
Reporting
Do you want disclose a potential security issue for Apache Gobblin? Send your report to the Apache Security Team.
Advisories
This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public mailinglist or privately on security@apache.org
Insecure TrustManager used in LDAP connections
CVE-2021-36152 [CVE] [CVE json] [OSV json]
Last updated: 2022-02-03T18:26:12.111Z
Affected
- Apache Gobblin from Apache Gobblin through 0.15.0
Description
Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.
References
Credits
- Apache Gobblin would like to thank Simon Gerst for reporting this issue.
Local Credentials Disclosure Vulnerability
CVE-2021-36151 [CVE] [CVE json] [OSV json]
Last updated: 2022-02-03T18:29:46.145Z
Affected
- Apache Gobblin from Apache Gobblin through 0.15.0
Description
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.
References
Credits
- Apache Gobblin would like to thank Jonathan Leitschuh for reporting this issue.