Lucene search
China National Vulnerability DatabaseCNVD-2021-91629HistoryNov 24, 2021 - 12:00 a.m.
Apache Ozone Licensing Issue Vulnerability (CNVD-2021-91629)
2021-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
apache ozone
authorization
vulnerability
object store
hadoop
cloud-native
cnvd-2021-91629
EPSS
0.003
Percentile
68.1%
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an authorization issue vulnerability exists in Apache Ozone, which stems from the product’s failure to protect OM requests with valid privileges. An attacker could create a specific OM request to emulate another user with valid Ozone S3 credentials.
Related
veracode
veracode
User Impersonation
2021-11-22 16:51:25
github
github
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
2021-11-23 17:56:45
nvd
nvd
CVE-2021-39236
2021-11-19 10:15:08
osv
osv
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
2021-11-23 17:56:45
CVE-2021-39236
2021-11-19 10:15:08
cvelist
cvelist
CVE-2021-39236 Owners of the S3 tokens are not validated
2021-11-19 09:20:25
prion
prion
Code injection
2021-11-19 10:15:00
cve
cve
CVE-2021-39236
2021-11-19 10:15:08