In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-11-19T09:20:23

Updated: 2024-08-04T02:06:41.327Z

Reserved: 2021-08-17T00:00:00

Link: CVE-2021-39235

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-19T10:15:08.303

Modified: 2024-11-21T06:18:58.673

Link: CVE-2021-39235

cve-icon Redhat

No data.