Lucene search
China National Vulnerability DatabaseCNVD-2021-91629HistoryNov 24, 2021 - 12:00 a.m.
Apache Ozone Licensing Issue Vulnerability (CNVD-2021-91629)
2021-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
0.003 Low
EPSS
Percentile
68.2%
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an authorization issue vulnerability exists in Apache Ozone, which stems from the product’s failure to protect OM requests with valid privileges. An attacker could create a specific OM request to emulate another user with valid Ozone S3 credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache ozone | lt | 1.2.0 |
Related
osv
osv
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
2021-11-23 17:56:45
CVE-2021-39236
2021-11-19 10:15:08
cvelist
cvelist
CVE-2021-39236 Owners of the S3 tokens are not validated
2021-11-19 09:20:25
cve
cve
CVE-2021-39236
2021-11-19 10:15:08
prion
prion
Code injection
2021-11-19 10:15:00
veracode
veracode
User Impersonation
2021-11-22 16:51:25
nvd
nvd
CVE-2021-39236
2021-11-19 10:15:08
github
github
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
2021-11-23 17:56:45