Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zM3hoLXhjaDktcDZoas0XrQ

Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, container-related Datanode requests of the Ozone Datanode were not properly authorized and could be called by any client.

Permalink: https://github.com/advisories/GHSA-33xh-xch9-p6hj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zM3hoLXhjaDktcDZoas0XrQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 3 years ago
Updated: almost 2 years ago


CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Percentage: 0.00207
EPSS Percentile: 0.58824

Identifiers: GHSA-33xh-xch9-p6hj, CVE-2021-39233
References:
Blast Radius: 1.0

Affected Packages

maven:org.apache.ozone:ozone-main
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 1.2.0
Fixed in: 1.2.0
All affected versions:
All unaffected versions: 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1