121 matches found
Apache Ozone has unspecified vulnerabilities
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments. a security vulnerability in Apache Ozone version 1.2.0, which stems from the fact that certain administrator-related SCM commands can be executed by any authenticated user...
Apache Ozone Access Control Error Vulnerability (CNVD-2021-91628)
Apache Ozone is an application. An accessible control error vulnerability exists in Apache Ozone, which stems from the product's failure to add valid permission checks for users. An attacker could bypass ACL checks to access sensitive information through this vulnerability...
Apache Ozone Licensing Issue Vulnerability (CNVD-2021-91629)
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an authorization issue vulnerability exists in Apache Ozone, which stems from the product's failure to protect OM requests with valid privileges. An attacker could create a...
Apache Ozone input validation error vulnerability
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...
GHSA-3W5H-X4RH-HC28 Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
GHSA-33XH-XCH9-P6HJ Incorrect Authorization in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...
Incorrect Authorization in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...
GHSA-GC37-9G7F-96FX Apache Ozone exposes OM, SCM and Datanode metadata
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints...
Apache Ozone exposes OM, SCM and Datanode metadata
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints...
GHSA-C6J7-4FR9-C76P Incorrect permissions in Apache Ozone
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
Incorrect permissions in Apache Ozone
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
GHSA-86FH-J58M-7PF5 Improper Privilege Management in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked...
Improper Privilege Management in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked...
GHSA-FF84-84Q5-FQ4F Incorrect Authorization in Apache Ozone
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins...
Incorrect Authorization in Apache Ozone
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins...
GHSA-5993-WWPG-M92C Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...
GHSA-C8CW-2C5J-XFF3 Incorrect Authorization in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL...
Incorrect Authorization in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL...