Lucene search
Veracode Vulnerability DatabaseVERACODE:33052HistoryNov 22, 2021 - 1:48 p.m.
Privilege Escalation
2021-11-2213:48:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
vulnerability
privilege escalation
apache hadoop
access control lists
EPSS
0.001
Percentile
17.2%
org.apache.hadoop:hadoop-ozone-common is vulnerable to privilege escalation. An authenticated attacker is able to gain privileges to access other user blocks via a specifically crafted request when the attacker knows the ID of the existing user block, bypassing other security checks like access control lists.
References
www.openwall.com/lists/oss-security/2021/11/19/5
github.com/apache/ozone/commit/057f0a0e11a92c82ad4ba168e737fa5250188a7f
github.com/apache/ozone/pull/2108
issues.apache.org/jira/browse/HDDS-5061
mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E
www.openwall.com/lists/oss-security/2021/11/19/5
Related
github
github
Incorrect Authorization in Apache Ozone
2021-11-23 17:56:30
osv
osv
CVE-2021-39234
2021-11-19 10:15:08
Incorrect Authorization in Apache Ozone
2021-11-23 17:56:30
nvd
nvd
CVE-2021-39234
2021-11-19 10:15:08
cve
cve
CVE-2021-39234
2021-11-19 10:15:08
cnvd
cnvd
Apache Ozone Access Control Error Vulnerability (CNVD-2021-91628)
2021-11-24 00:00:00
cvelist
cvelist
CVE-2021-39234 Raw block data can be read bypassing ACL/authorization
2021-11-19 09:20:22
prion
prion
Design/Logic Flaw
2021-11-19 10:15:00