CVE-2023-39196

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-39196

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39196.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-39196

Aliases

GHSA-6726-2rx3-cgwh

Withdrawn

2024-09-03T04:41:27.191719Z

Published

2024-02-07T13:15:07Z

Modified

2024-09-02T20:55:33Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Improper Authentication vulnerability in Apache Ozone.

The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0.

Users are recommended to upgrade to version 1.4.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/ozone

Affected ranges

Type: GIT
Repo: https://github.com/apache/ozone
Events: Introduced

9ee6f1872dca8469057d3c7bf880931c0e7b7f3e

Last affected

d0d18a3bff64b90f5f0755edb6003301049ffb32