Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:33055
HistoryNov 22, 2021 - 4:51 p.m.

User Impersonation

2021-11-2216:51:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
hadoop-ozone-common
user impersonation
vulnerability
s3 credentials
om requests

EPSS

0.003

Percentile

68.1%

JSON

hadoop-ozone-common is vulnerable to user impersonation. The vulnerability exists due to an insecure validation of owner field of S3AUTHINFO type delegation token, allowing authenticated users with valid Ozone S3 credentials to create specific OM requests and impersonate other user.

Related

github 1
nvd 1
osv 2
cnvd 1
cvelist 1
prion 1
cve 1
github
github
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
2021-11-23 17:56:45
nvd
nvd
CVE-2021-39236
2021-11-19 10:15:08
osv
osv
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
2021-11-23 17:56:45
CVE-2021-39236
2021-11-19 10:15:08
cnvd
cnvd
Apache Ozone Licensing Issue Vulnerability (CNVD-2021-91629)
2021-11-24 00:00:00
cvelist
cvelist
CVE-2021-39236 Owners of the S3 tokens are not validated
2021-11-19 09:20:25
prion
prion
Code injection
2021-11-19 10:15:00
cve
cve
CVE-2021-39236
2021-11-19 10:15:08

EPSS

0.003

Percentile

68.1%

JSON
Related for VERACODE:33055
github1nvd1osv2cnvd1cvelist1prion1cve1