CVE-2021-39232 – org.apache.ozone:ozone-main
Package
Manager: maven
Name: org.apache.ozone:ozone-main
Vulnerable Version: >=0 <1.2.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00713 (percentile: 0.7146)
Details
Incorrect Authorization in Apache Ozone. In Apache Ozone versions prior to 1.2.0, certain admin-related SCM commands can be executed by any authenticated user, not just by admins.
Metadata
Created: 2021-11-23T17:56:54Z
Modified: 2023-11-14T21:49:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-ff84-84q5-fq4f/GHSA-ff84-84q5-fq4f.json
CWE IDs: ["CWE-862", "CWE-863"]
Alternative ID: GHSA-ff84-84q5-fq4f
Finding: F039
Auto approve: 1