CVE-2021-39233

CRITICAL9.1EPSS 0.65%

Incorrect Authorization in Apache Ozone

Published: 11/23/2021Modified: 11/8/2023

Description

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

Affected packages (1)

Maven/org.apache.ozone:ozone-mainfrom 0, < 1.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-39233
WEBhttps://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E
WEBhttp://www.openwall.com/lists/oss-security/2021/11/19/4