EPSS
Percentile
34.2%
hadoop-ozone-ozone-manager is vulnerable to privilege escalation. The library does not check the access mode parameter of the block token, allowing an attacker with a read block token to do write operations.
www.openwall.com/lists/oss-security/2021/11/19/6
github.com/apache/ozone/commit/58e08eeb6fcd02671ca4e7d14ce85be2a6ee3f96
github.com/apache/ozone/pull/1758
mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E