GSA_kwCzR0hTQS04NmZoLWo1OG0tN3BmNc0XvA

Critical EPSS: 0.00628% (0.69471 Percentile) EPSS:

Permalink JSON

Improper Privilege Management in Apache Ozone

Affected Packages	Affected Versions	Fixed Versions
maven:org.apache.ozone:ozone-main	< 1.2.0	1.2.0
0 Dependent packages 0 Dependent repositories Affected Version Ranges All affected versions All unaffected versions 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 2.0.0

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-36372
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E
http://www.openwall.com/lists/oss-security/2021/11/19/1
https://github.com/advisories/GHSA-86fh-j58m-7pf5

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS04NmZoLWo1OG0tN3BmNc0XvA

Improper Privilege Management in Apache Ozone

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API