Vulnerabilities > CVE-2021-39234 - Incorrect Authorization vulnerability in Apache Ozone
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |