oss-sec mailing list archives
CVE-2021-41532: Apache Ozone: Unauthenticated access to Ozone Recon HTTP endpoints
From: Siddharth Wagle <swagle () apache org>
Date: Thu, 18 Nov 2021 23:07:46 +0000
Severity: moderate

Description:

Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

This issue is being tracked as HDDS-5691

Mitigation:

Upgrade to Apache Ozone release version 1.2.0

Credit:

Apache Ozone would like to thank Ethan Rose for reporting this issue.