EPSS
Percentile
17.2%
In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.
www.openwall.com/lists/oss-security/2021/11/19/5
mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2021-39234