5 matches found
CVE-2021-39236
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...
org.apache.hadoop:hadoop-ozone-dist (>=0.4.0-alpha <=0.4.1-alpha), org.apache.hadoop:hadoop-ozone-insight (>=0.5.0-beta <=1.1.0) +3 more potentially affected by CVE-2021-39236 via org.apache.hadoop:hadoop-ozone-ozone-manager (>=0.4.0-alpha <=1.1.0)
org.apache.hadoop:hadoop-ozone-ozone-manager MAVEN version =0.4.0-alpha, =0.4.0-alpha, =0.5.0-beta, =0.4.0-alpha, =0.4.1-alpha, =0.4.0-alpha, =1.1.0 Source cves: CVE-2021-39236 Source advisory: OSV:GHSA-5993-WWPG-M92C...
CVE-2021-39236
creationtimestamp| type| source ---|---|--- 2021-11-19 12:16:34+00:00| seen| https://t.me/cibsecurity/32677 2023-12-22 23:16:56+00:00| seen| https://t.me/ctinow/158650...
CVE-2021-39236
Apache Ozone (before 1.2.0) is affected. Authenticated users with valid Ozone S3 credentials can create specific OM requests and impersonate other users due to non-validation/inadequate protection of Ozone S3 tokens. Exploitation details are described across multiple sources (including CVE-2021-3...
CVE-2021-39236 Owners of the S3 tokens are not validated
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...