CVE-2021-39234 - Incorrect Authorization vulnerability in Apache Ozone
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: NONE

Summary
In Apache Ozone versions prior to 1.2.0, authenticated users who know the ID of an existing block can craft a specific request that allows access to that block, bypassing other security checks such as ACLs.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 12 |
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/11/19/5
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E