Lucene search
+L

121 matches found

cnvd
cnvd
added 2021/11/24 12:0 a.m.19 views

Apache Ozone has unspecified vulnerabilities

Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments. a security vulnerability in Apache Ozone version 1.2.0, which stems from the fact that certain administrator-related SCM commands can be executed by any authenticated user...

9.1CVSS3.6AI score0.02296EPSS
Exploits0References1
cnvd
cnvd
added 2021/11/24 12:0 a.m.16 views

Apache Ozone Access Control Error Vulnerability (CNVD-2021-91628)

Apache Ozone is an application. An accessible control error vulnerability exists in Apache Ozone, which stems from the product's failure to add valid permission checks for users. An attacker could bypass ACL checks to access sensitive information through this vulnerability...

6.8CVSS3.9AI score0.01367EPSS
Exploits0References1
cnvd
cnvd
added 2021/11/24 12:0 a.m.18 views

Apache Ozone Licensing Issue Vulnerability (CNVD-2021-91629)

Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an authorization issue vulnerability exists in Apache Ozone, which stems from the product's failure to protect OM requests with valid privileges. An attacker could create a...

8.8CVSS2.4AI score0.02483EPSS
Exploits1References1
cnvd
cnvd
added 2021/11/24 12:0 a.m.20 views

Apache Ozone input validation error vulnerability

Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...

6.5CVSS1.9AI score0.01501EPSS
Exploits0References1
osv
osv
added 2021/11/23 6:18 p.m.76 views

GHSA-3W5H-X4RH-HC28 Exposure of sensitive information in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...

9.1CVSS9.2AI score0.02296EPSS
Exploits0References4
github
github
added 2021/11/23 6:18 p.m.45 views

Exposure of sensitive information in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...

9.1CVSS8.8AI score0.02296EPSS
Exploits0References4Affected Software1
osv
osv
added 2021/11/23 6:17 p.m.20 views

GHSA-33XH-XCH9-P6HJ Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...

9.1CVSS9.2AI score0.02296EPSS
Exploits0References3
github
github
added 2021/11/23 6:17 p.m.48 views

Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...

9.1CVSS8.8AI score0.02296EPSS
Exploits0References4Affected Software1
osv
osv
added 2021/11/23 6:17 p.m.66 views

GHSA-GC37-9G7F-96FX Apache Ozone exposes OM, SCM and Datanode metadata

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints...

5.3CVSS5.2AI score0.02315EPSS
Exploits0References3
github
github
added 2021/11/23 6:17 p.m.45 views

Apache Ozone exposes OM, SCM and Datanode metadata

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints...

5.3CVSS1.4AI score0.02315EPSS
Exploits0References4Affected Software1
osv
osv
added 2021/11/23 6:17 p.m.65 views

GHSA-C6J7-4FR9-C76P Incorrect permissions in Apache Ozone

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...

6.5CVSS6.4AI score0.01501EPSS
Exploits0References4
github
github
added 2021/11/23 6:17 p.m.42 views

Incorrect permissions in Apache Ozone

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...

6.5CVSS6.4AI score0.01501EPSS
Exploits0References4Affected Software1
osv
osv
added 2021/11/23 5:57 p.m.24 views

GHSA-86FH-J58M-7PF5 Improper Privilege Management in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked...

9.8CVSS9.2AI score0.02445EPSS
Exploits0References4
github
github
added 2021/11/23 5:57 p.m.53 views

Improper Privilege Management in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked...

9.8CVSS8.7AI score0.02445EPSS
Exploits0References4Affected Software1
osv
osv
added 2021/11/23 5:56 p.m.34 views

GHSA-FF84-84Q5-FQ4F Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins...

8.8CVSS8.6AI score0.01632EPSS
Exploits0References4
github
github
added 2021/11/23 5:56 p.m.43 views

Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins...

8.8CVSS8.4AI score0.01632EPSS
Exploits0References4Affected Software1
osv
osv
added 2021/11/23 5:56 p.m.42 views

GHSA-5993-WWPG-M92C Apache Ozone user impersonation due to non-validation of Ozone S3 tokens

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...

8.8CVSS8.7AI score0.02483EPSS
Exploits1References8
github
github
added 2021/11/23 5:56 p.m.38 views

Apache Ozone user impersonation due to non-validation of Ozone S3 tokens

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...

8.8CVSS8.4AI score0.02483EPSS
Exploits1References8Affected Software1
osv
osv
added 2021/11/23 5:56 p.m.43 views

GHSA-C8CW-2C5J-XFF3 Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL...

6.8CVSS6.5AI score0.01367EPSS
Exploits0References3
github
github
added 2021/11/23 5:56 p.m.33 views

Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL...

6.8CVSS6.5AI score0.01367EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder