Vulnerabilities > CVE-2021-41532 - Unspecified vulnerability in Apache Ozone
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |
References
- http://www.openwall.com/lists/oss-security/2021/11/19/8
- http://www.openwall.com/lists/oss-security/2021/11/19/8
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E