Vulnerabilities > CVE-2021-39231 - Missing Authorization vulnerability in Apache Ozone
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/11/19/2
- http://www.openwall.com/lists/oss-security/2021/11/19/2
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E