Lucene search
Veracode Vulnerability DatabaseVERACODE:33043HistoryNov 22, 2021 - 4:54 a.m.
Privilege Escalation
2021-11-2204:54:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
58.7%
Apache Ozone Common is vulnerable to privilege escalation attacks. The vulnerability exists because the initially generated block tokens are stored in metadata database and can be retrieved with authenticated users with permission, allowing a malicious user to gain access to the key even after access is revoked.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache ozone common | le | 1.1.0.7.2.15.0-147 | |
| apache ozone common | le | 1.1.0.7.2.15.0-147 |
Related
cnvd
cnvd
Apache Ozone has an unspecified vulnerability (CNVD-2021-91624)
2021-11-24 00:00:00
cve
cve
CVE-2021-36372
2021-11-19 10:15:07
osv
osv
CVE-2021-36372
2021-11-19 10:15:07
Improper Privilege Management in Apache Ozone
2021-11-23 17:57:14
prion
prion
Design/Logic Flaw
2021-11-19 10:15:00
cvelist
cvelist
CVE-2021-36372 Original block tokens are persisted and can be retrieved
2021-11-19 09:20:16
nvd
nvd
CVE-2021-36372
2021-11-19 10:15:07
github
github
Improper Privilege Management in Apache Ozone
2021-11-23 17:57:14