Lucene search
ApacheCVELIST:CVE-2021-39236HistoryNov 19, 2021 - 9:20 a.m.
CVE-2021-39236 Owners of the S3 tokens are not validated
2021-11-1909:20:25
CWE-862
apache
www.cve.org
5
cve-2021-39236
s3 tokens
validation
apache ozone
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
CNA Affected
[
{
"product": "Apache Ozone",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
]Related
github
github
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
2021-11-23 17:56:45
nvd
nvd
CVE-2021-39236
2021-11-19 10:15:08
osv
osv
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
2021-11-23 17:56:45
CVE-2021-39236
2021-11-19 10:15:08
cnvd
cnvd
Apache Ozone Licensing Issue Vulnerability (CNVD-2021-91629)
2021-11-24 00:00:00
veracode
veracode
User Impersonation
2021-11-22 16:51:25
prion
prion
Code injection
2021-11-19 10:15:00
cve
cve
CVE-2021-39236
2021-11-19 10:15:08