CVE-2021-39234 – org.apache.ozone:ozone-main
Package
Manager: maven
Name: org.apache.ozone:ozone-main
Vulnerable Version: >=0 <1.2.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00271 (percentile 0.50267)
Details
Incorrect Authorization in Apache Ozone
In Apache Ozone versions prior to 1.2.0, authenticated users who know the ID of an existing block can craft a specific request that allows access to those blocks, bypassing other security checks like ACL.
Metadata
Created: 2021-11-23T17:56:30Z
Modified: 2021-11-22T19:05:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-c8cw-2c5j-xff3/GHSA-c8cw-2c5j-xff3.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-c8cw-2c5j-xff3
Finding: F006
Auto approve: 1