Vulnerabilities > CVE-2021-39233 - Unspecified vulnerability in Apache Ozone
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |
References
- http://www.openwall.com/lists/oss-security/2021/11/19/4
- http://www.openwall.com/lists/oss-security/2021/11/19/4
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E