Apache Ozone Common is vulnerable to privilege escalation attacks. The vulnerability exists because the initially generated block tokens are stored in metadata database and can be retrieved with authenticated users with permission, allowing a malicious user to gain access to the key even after access is revoked.