ID CVE-2021-39234
Summary In Apache Ozone versions prior to 1.2.0, authenticated users who know the ID of an existing block can craft a specific request that allows access to those blocks, bypassing other security checks such as ACLs.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:ozone:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:0.4.2:alpha-rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:0.5.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:0.5.0:beta-rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:0.5.0:beta-rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:0.5.0:beta-rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:1.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:1.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:1.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:1.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:1.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ozone:1.1.0:rc2:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 19-11-2021 - 14:53)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:N
Last major update 19-11-2021 - 14:53
Published 19-11-2021 - 10:15
Last modified 19-11-2021 - 14:53