oss-sec mailing list archives
CVE-2021-39234: Apache Ozone: Raw block data can be read bypassing ACL/authorization
From: Siddharth Wagle <swagle () apache org>
Date: Thu, 18 Nov 2021 23:06:29 +0000
Description: Authenticated users knowing the ID of an existing block can craft a specific request allowing access to those blocks, bypassing other security checks like ACL.

This issue is being tracked as HDDS-5061

Mitigation: Upgrade to Apache Ozone release version 1.2.0

Credit: Apache Ozone would like to thank Marton Elek for reporting this issue.