Improper Authentication in Apache Ozone

2021-11-23T17:56:45
ID OSV:GHSA-5993-WWPG-M92C
Type osv
Reporter Google
Modified 2021-11-23T17:56:45

Description

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.