Lucene search
China National Vulnerability DatabaseCNVD-2021-91280HistoryNov 24, 2021 - 12:00 a.m.
Apache Ozone input validation error vulnerability
2021-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.001 Low
EPSS
Percentile
34.3%
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an input validation error vulnerability exists in Apache Ozone, which stems from the product’s Ozone Datanode not checking the block token’s access mode parameter. An attacker could use a token with READ privileges to perform a write operation through this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache ozone | lt | 1.2.0 |
Related
osv
osv
Incorrect permissions in Apache Ozone
2021-11-23 18:17:41
CVE-2021-39235
2021-11-19 10:15:08
github
github
Incorrect permissions in Apache Ozone
2021-11-23 18:17:41
veracode
veracode
Privilege Escalation
2021-11-22 10:38:49
cve
cve
CVE-2021-39235
2021-11-19 10:15:08
prion
prion
Code injection
2021-11-19 10:15:00
cvelist
cvelist
CVE-2021-39235 Access mode of block tokens are not enforced
2021-11-19 09:20:23
nvd
nvd
CVE-2021-39235
2021-11-19 10:15:08