Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:42 p.m.6 views

CVE-2021-39236

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...

8.8CVSS7.2AI score0.02483EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2021/11/23 5:56 p.m.6 views

org.apache.hadoop:hadoop-ozone-dist (>=0.4.0-alpha <=0.4.1-alpha), org.apache.hadoop:hadoop-ozone-insight (>=0.5.0-beta <=1.1.0) +3 more potentially affected by CVE-2021-39236 via org.apache.hadoop:hadoop-ozone-ozone-manager (>=0.4.0-alpha <=1.1.0)

org.apache.hadoop:hadoop-ozone-ozone-manager MAVEN version =0.4.0-alpha, =0.4.0-alpha, =0.5.0-beta, =0.4.0-alpha, =0.4.1-alpha, =0.4.0-alpha, =1.1.0 Source cves: CVE-2021-39236 Source advisory: OSV:GHSA-5993-WWPG-M92C...

8.8CVSS7.2AI score0.02483EPSS
Exploits1
Circl
Circl
added 2021/11/19 12:16 p.m.5 views

CVE-2021-39236

creationtimestamp| type| source ---|---|--- 2021-11-19 12:16:34+00:00| seen| https://t.me/cibsecurity/32677 2023-12-22 23:16:56+00:00| seen| https://t.me/ctinow/158650...

8.8CVSS8.1AI score0.02483EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/11/19 9:20 a.m.26 views

CVE-2021-39236 Owners of the S3 tokens are not validated

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...

8.9AI score0.02483EPSS
Exploits1References3
CVE
CVE
added 2021/11/19 9:20 a.m.61 views

CVE-2021-39236

Apache Ozone (before 1.2.0) is affected. Authenticated users with valid Ozone S3 credentials can create specific OM requests and impersonate other users due to non-validation/inadequate protection of Ozone S3 tokens. Exploitation details are described across multiple sources (including CVE-2021-3...

8.8CVSS8.7AI score0.02483EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder