CVE-2021-39231

2021-11-1910:15:08

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.

CPENameOperatorVersion
ozoneeqozone-1.2.0-RC0

CPE	Name	Operator	Version
	ozone	eq	ozone-1.2.0-RC0

References

www.openwall.com/lists/oss-security/2021/11/19/2

mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E