oss-sec mailing list archives
CVE-2021-39232: Apache Ozone: Missing admin check for SCM related admin commands
From: Siddharth Wagle <swagle () apache org>
Date: Thu, 18 Nov 2021 23:04:45 +0000
Description: Certain admin related SCM commands can be executed by any authenticated users, not just by admins. This issue is being tracked as HDDS-4530 Mitigation: Upgrade to Apache Ozone release version 1.2.0 Credit: Apache Ozone would like to thank Wei-Chiu Chuang for reporting this issue.
Current thread:
- CVE-2021-39232: Apache Ozone: Missing admin check for SCM related admin commands Siddharth Wagle (Nov 19)