Vulnerabilities > Apache > Ozone > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-39232 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. | 8.8 |
| 2021-11-19 | CVE-2021-39236 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. | 8.8 |
| 2021-04-27 | CVE-2020-17517 | Missing Authentication for Critical Function vulnerability in Apache Ozone 0.4.2/0.5.0/1.0.0 The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. | 7.5 |