12 matches found
CVE-2021-39235
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
Apache Ozone input validation error vulnerability
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...
Privilege Escalation
hadoop-ozone-ozone-manager is vulnerable to privilege escalation. The library does not check the access mode parameter of the block token, allowing an attacker with a read block token to do write operations...
CVE-2021-39235
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
CVE-2021-39235
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
Code injection
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
Apache Ozone 输入验证错误漏洞
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...
PT-2021-22485 · Apache · Apache Ozone
Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue arises because the Ozone Datanode in Apache Ozone does not check the access mode parameter of the block token. As a result, authenticated users who have a valid READ block token can...
Information disclosure
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in t...
CVE-2016-5001
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in t...
CVE-2016-5001
CVE-2016-5001 affects Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2, in the HDFS short-circuit reads feature. Root cause: a flaw in the token-based access control that lets a local DataNode user craft a block token to read arbitrary files. Impact: information disclosure (unauthorized read acc...
Information Disclosure
Apache Hadoop is vulnerable to information disclosure. A local user on an HDFS DataNode may be able to generate a block token that grants unauthorized read access to random files by guessing certain fields in the token...