Lucene search
Veracode Vulnerability DatabaseVERACODE:33054HistoryNov 22, 2021 - 4:11 p.m.
Authorization Bypass
2021-11-2216:11:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.004 Low
EPSS
Percentile
72.6%
hadoop-hdds-common is vulnerable to authorization bypass. The library does not properly perform authorization checks, allowing an authenticated attacker to execute admin block operations.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache ozone hdds common | le | 1.1.0.7.2.14.0-149 | |
| apache ozone hdds common | le | 1.1.0.7.2.14.0-149 |
References
www.openwall.com/lists/oss-security/2021/11/19/4
github.com/apache/ozone/commit/355096b9c218a90d01307b7b8782c469300b94bf
github.com/apache/ozone/commit/842e6f6f1002a04eb3dd2c76ef108575f3a751af
github.com/apache/ozone/pull/2186
github.com/apache/ozone/pull/2254
issues.apache.org/jira/browse/HDDS-4729
issues.apache.org/jira/browse/HDDS-5236
mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E
Related
github
github
Incorrect Authorization in Apache Ozone
2021-11-23 18:17:59
osv
osv
Incorrect Authorization in Apache Ozone
2021-11-23 18:17:59
CVE-2021-39233
2021-11-19 10:15:08
prion
prion
Design/Logic Flaw
2021-11-19 10:15:00
cnvd
cnvd
Apache Ozone has unspecified vulnerabilities
2021-11-24 00:00:00
cve
cve
CVE-2021-39233
2021-11-19 10:15:08
cvelist
cvelist
nvd
nvd
CVE-2021-39233
2021-11-19 10:15:08