In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-11-19T09:20:22

Updated: 2024-08-04T01:58:18.340Z

Reserved: 2021-08-17T00:00:00

Link: CVE-2021-39234

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-19T10:15:08.250

Modified: 2024-11-21T06:18:58.523

Link: CVE-2021-39234

cve-icon Redhat

No data.