5 matches found
CVE-2021-39236
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...
org.apache.hadoop:hadoop-ozone-dist (>=0.4.0-alpha <=0.4.1-alpha), org.apache.hadoop:hadoop-ozone-insight (>=0.5.0-beta <=1.1.0) +3 more potentially affected by CVE-2021-39236 via org.apache.hadoop:hadoop-ozone-ozone-manager (>=0.4.0-alpha <=1.1.0)
org.apache.hadoop:hadoop-ozone-ozone-manager MAVEN version =0.4.0-alpha, =0.4.0-alpha, =0.5.0-beta, =0.4.0-alpha, =0.4.1-alpha, =0.4.0-alpha, =1.1.0 Source cves: CVE-2021-39236 Source advisory: OSV:GHSA-5993-WWPG-M92C...
CVE-2021-39236
creationtimestamp| type| source ---|---|--- 2021-11-19 12:16:34+00:00| seen| https://t.me/cibsecurity/32677 2023-12-22 23:16:56+00:00| seen| https://t.me/ctinow/158650...
CVE-2021-39236 Owners of the S3 tokens are not validated
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...
CVE-2021-39236
Apache Ozone (before 1.2.0) is affected. Authenticated users with valid Ozone S3 credentials can create specific OM requests and impersonate other users due to non-validation/inadequate protection of Ozone S3 tokens. Exploitation details are described across multiple sources (including CVE-2021-3...