CVE-2021-39234

MEDIUM6.8EPSS 0.15%

Incorrect Authorization in Apache Ozone

Published: 11/23/2021Modified: 11/8/2023

Description

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.

Affected packages (1)

Maven/org.apache.ozone:ozone-mainfrom 0, < 1.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-39234
WEBhttps://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E
WEBhttp://www.openwall.com/lists/oss-security/2021/11/19/5