CVE-2021-39235
MEDIUM6.5EPSS 0.20%Incorrect permissions in Apache Ozone
發布日:2021/11/23修改日:2023/11/14
描述
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.
受影響套件(1)
- Maven/org.apache.ozone:ozone-mainfrom 0, < 1.2.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |