CVE-2021-39234

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39234
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39234.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39234
Aliases
Published
2021-11-19T10:15:08Z
Modified
2024-09-03T03:55:45.976523Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.

References

Affected packages

Git / github.com/apache/ozone

Affected ranges

Type
GIT
Repo
https://github.com/apache/ozone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

ozone-1.*

ozone-1.2.0-RC0