oss-sec mailing list archives
CVE-2021-39233: Apache Ozone: Container-related datanode operations can be called without authorization
From: Siddharth Wagle <swagle () apache org>
Date: Thu, 18 Nov 2021 23:06:09 +0000
Description: Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. This issue is being tracked as HDDS-4729,HDDS-5236 Mitigation: Upgrade to Apache Ozone release version 1.2.0 Credit: Apache Ozone would like to thank Marton Elek for reporting this issue.
Current thread:
- CVE-2021-39233: Apache Ozone: Container-related datanode operations can be called without authorization Siddharth Wagle (Nov 19)